diff --git a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
index d14ca6f0ac..27446ba770 100644
--- a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--032a9d86-83a5-4e5e-877b-203c12a4699e",
+    "id": "bundle--fe970af0-3ca3-48ea-bade-be2e7d8567a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
index 8c6438b7fe..0baf9cb31d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
+++ b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84733429-cdee-4614-858f-7ff104e04868",
+    "id": "bundle--d0544880-3945-421e-8d41-0ba7e91c8e2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
index 99c1ccba0f..a8b46e2830 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--544f283c-1fbf-4cbf-9354-66c9d65b81b2",
+    "id": "bundle--8c6a358b-cd1e-4201-b041-36f95c717065",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
index 588f9ec0b8..b76106203d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ecc77bda-86a6-4f86-9056-527e49024f48",
+    "id": "bundle--6c9a56bc-e25c-42cb-b0e7-7da8b78c3cdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
index 84b013e9eb..5dd77338b1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9bcfd648-b7e6-4d67-8e11-d05fb35e8222",
+    "id": "bundle--9922d725-ab3d-481a-81e9-a1f4c77e76e0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
index b8fd74c90c..312b963831 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbb81e62-248b-4d00-b983-a39ec806a8c0",
+    "id": "bundle--1d7b0740-0d62-4d60-b8af-d501c7348fe2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
index 4272492d20..5133bd7a23 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b60ec0fb-fd71-4442-b452-a01ee386eb27",
+    "id": "bundle--8c316efa-bb21-4ef7-b06f-714a686784e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
index 4c1e24b2b2..a2b920a096 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--46e848cc-23af-4730-a0ab-ccf22fef8f18",
+    "id": "bundle--f0a355c2-bc4a-45d8-95c5-2ec32b7043bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
index 2afb18415d..98f892a878 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b39df1f-405b-43be-962f-14d69d85abab",
+    "id": "bundle--33d18949-c530-4b89-96ae-438a81a5ddd4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
index f44c3da5dd..41a3538688 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc4f4753-4093-4b69-a41c-7667b7a3d6dd",
+    "id": "bundle--bbaad56f-2fb0-4040-b993-388e783e3381",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
index 6842b3b004..7cf544ff06 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56d953b7-9340-4a31-b5b1-5fd25aa46ae8",
+    "id": "bundle--306785f9-17d3-46dc-a4e4-bdf5b8919e54",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
index c280da3f55..a85ae1edd0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac529e68-d3e7-4295-9c86-4fcb57e2b1f1",
+    "id": "bundle--f97cf624-ea91-4ce2-9c98-64119f34b550",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
index 733ae09e18..1ab9c2d8ae 100644
--- a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--586d9294-9a57-44c2-96f0-4633d66ab232",
+    "id": "bundle--f1fc12e5-588b-48ff-97f8-acf672089bc5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
index 7fe86830df..3760ff5512 100644
--- a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8872159-18b2-48f8-bcc9-25d6ee215049",
+    "id": "bundle--dfe1199f-937e-44b1-b741-34dc24e55f39",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
index a8c545b8da..f872c86bc3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--89af32c9-e673-49a0-b485-92314cbb7ed5",
+    "id": "bundle--b373a8d1-e263-4132-aabe-b45e3f98049f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
index 2475da9b17..137478e7e8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b6c539ff-b61f-4aec-8166-1f8029fec9b7",
+    "id": "bundle--a072dafb-5f0b-4bc8-a380-761a231eb271",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
index 2ad61db48e..33f6a12bcd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2cdef75-8d8b-4cef-a2a9-21fb0befdd6b",
+    "id": "bundle--2c10842c-8b18-4447-9b16-9ca8105dd7c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
index d3b388350e..367e07944d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d347efe0-9b86-4268-8d67-07e06eb03c93",
+    "id": "bundle--a1530391-b8dc-44c7-9446-89ee308d8797",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
index 447c0f494e..f1d7046201 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--02d2624b-d7d8-48bd-80b0-1faa5913b8dc",
+    "id": "bundle--a577afff-5bc8-48d9-a7b7-6960e78dc7cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
index e31808cdb1..406a1895cc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b884ce9-f446-487d-8764-a05ba4df3df7",
+    "id": "bundle--e3320dba-5a09-482a-9074-e04a99a89c79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
index dee1eae2f3..34e9512e40 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa8539d1-c331-49f5-bdf5-eb1cd47816e7",
+    "id": "bundle--41678525-7554-432b-9448-d83257461c68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
index b556eac379..f13a1b8b97 100644
--- a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9cce34e7-9c14-4f0d-a66c-744cc2781fe7",
+    "id": "bundle--a84f6236-d4b3-4c88-a18a-c64a1d57df4b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
index 93778676f0..95e8e60586 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8449a3b6-3368-4cf4-bd66-05e3d5df574f",
+    "id": "bundle--4ccbcc03-cd6f-4f9f-9509-0ac44b46efbf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
index 40be5d6bcd..926c803bad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--29b78f12-c669-4235-b391-ae58c2399208",
+    "id": "bundle--5bd5f78a-ca97-4f0c-ae12-875e27df8883",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
index c6c6e4415e..340e35ac73 100644
--- a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
+++ b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23762534-2273-4caa-88a1-a74e92bb8e56",
+    "id": "bundle--9b5ba1f9-1270-4ac9-8daa-1862b7d7053e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
index 3622ae8520..c95255fbad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b31dc75-1ff7-4006-a4b9-0bbe02de7e76",
+    "id": "bundle--ba00f8d2-3017-4fdd-9692-f4f7125e12bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
index 3451abd543..32e2de12f8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1bb1ec7d-eff2-47b4-9a78-bbdc286a86bd",
+    "id": "bundle--de75876b-4b73-4371-a4ba-cecda03cd3c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
index 010e6474d1..8b8cf2b554 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53843767-14c1-4c70-b881-5674b4c4d659",
+    "id": "bundle--abcb1e01-57be-4f32-9606-363d67531173",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
index 2c8ef3cede..b952b334bd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1cd87e7-ecc8-44fc-a4b1-3ce963f0c3ce",
+    "id": "bundle--535102c6-cbaa-4c5f-97e8-1dafb004c46e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
index 063ab4d39e..d59860b382 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c50254a-ac7f-45f7-9e6c-7f0dd0a6ea59",
+    "id": "bundle--a3fe9a28-0422-4602-b6eb-7b939d99848a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
index 04d172aa77..acc4635c22 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7d75523-d60f-48ed-b1e9-e3b666c94777",
+    "id": "bundle--499d81c3-c10a-4402-9be2-5fc04bff5654",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
index 6a6e96cf29..9dbc57deba 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef90d325-2256-4f09-b5d7-f022be6c5ad2",
+    "id": "bundle--072baa3c-d82d-4553-b4ce-288cca6f31c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
index 007dd81fca..4dd8961f77 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf9a998d-523d-41b4-9da6-d95974ff410e",
+    "id": "bundle--0f177646-b457-40d7-8319-45a4e3260711",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
index 7d6e3beba7..9feb53fabb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d7aa86fc-09bf-4e9d-a1c2-ca9f70be6d8b",
+    "id": "bundle--d64dd489-ad2a-4e58-9b1b-70557f581651",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
index 59d7f6efbd..8f3c9c3191 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ef571ee-2462-4bfb-aef6-89dca4a7f3a5",
+    "id": "bundle--bb39b3e3-09e3-4a90-a096-b2397cf8e76d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
index 3fb551a5a0..d55ef008ad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--85232c07-d2b0-4643-96c8-3f2525153526",
+    "id": "bundle--6b1b8127-400d-45f9-85f4-946706fab667",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
index 4a83e6f007..ed00b99ef3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9f88cff4-e867-4f61-bff5-377a5cdcd8c3",
+    "id": "bundle--747e06fb-5a1d-4c83-9a58-883cef87ee6b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
index 674c02dde6..ebfc3ff701 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--472fe14e-61df-47b1-9994-5f20d00101dd",
+    "id": "bundle--13bb4ad6-7ab7-4e72-8093-1671dd1697ae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
index b77a0423ba..638e0ee02b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
+++ b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14cbca3c-518c-4e8e-a38c-fd0f14ce6bca",
+    "id": "bundle--c3772b48-78cf-455b-98b8-7e32b8a36d47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
index 4421ef6f4d..bfcb0521b7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94ff044f-9eb7-49bb-a472-4e4d00ce6db6",
+    "id": "bundle--30e2a6c9-a3c5-429c-aaa8-edc6e64af1ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
index 5fb321594f..7657c2376c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c300b97-fa40-43d6-8ba9-90300d84c3fe",
+    "id": "bundle--72b54946-3c9d-479e-8d3d-56dac8ab37dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
index f9ef0b88b4..f95a21bb3d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
+++ b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53d48ed2-5e23-4b8f-b38e-0a236cb0b688",
+    "id": "bundle--03b172d0-b763-4fd9-928a-b9e77b2faf0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
index 538aea5a2d..33928a68eb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aeaf88fe-ff3e-43d2-95c5-e081d46c9893",
+    "id": "bundle--2e8fc769-2a3a-4f1c-9315-a3531d4d215b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
index fa0c348672..5f61efe557 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e53032e6-0eca-426d-8b27-0aaf66a88120",
+    "id": "bundle--711dac91-c675-4d46-82b9-58352938850a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
index 5b6e603664..4c02b58a83 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f4047ba-27ec-412d-9854-8a8dd36ce190",
+    "id": "bundle--4af85987-f026-4f22-93fb-c69fbf612d1f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
index 38fe97a8e8..8f91c8f8a2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2411b66-4dcb-4176-ba81-6fd13acf8ae4",
+    "id": "bundle--c15e415b-3faa-4629-ab16-cf7b7eb0a0d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
index a58362acff..e1c78a1524 100644
--- a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
+++ b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--563693e2-126e-4f38-8da6-06acd8babe77",
+    "id": "bundle--c344b53e-edd5-41ae-9969-5ae74cdf6e9d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
index a6fe09d4ca..6a3ed0f361 100644
--- a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--451fa4e1-033c-4e88-856f-2a14c65cea72",
+    "id": "bundle--50ec704b-6666-4888-91bb-fc0b35b48313",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
index 86b6f8b15c..6769cee153 100644
--- a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
+++ b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4fa10a0e-a704-4a54-8036-28ba0bc3ea99",
+    "id": "bundle--2c92a035-b376-4916-9a8e-a6be05d0ad78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
index 8e88a70f30..b2834bfcba 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc52c085-75d4-498b-aa29-872a63450ff2",
+    "id": "bundle--3f75ef21-2ca3-4e52-bc2a-c39b26f6d60e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
index 08bec6fc28..72e3e189e8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3705176f-a1f7-49d9-afa1-05a0d4080b16",
+    "id": "bundle--9b027c7d-ffd3-490f-a683-62853260ce2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
index 800d635778..44fa3b38a8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a146a8ff-a491-461b-8fab-07be8c0eb098",
+    "id": "bundle--3c0ecefe-47c9-48f0-83dc-bfc47c10c940",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
index 01f303c2a4..25324eafe0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a262dac7-830c-48a9-b28f-8731bb17294e",
+    "id": "bundle--068b5f5d-8a4f-401a-8b73-bf99bfd104c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
index 2c5a2b7253..e56f3b4801 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4268fdbe-655b-4884-8a5a-5b743a80d571",
+    "id": "bundle--5a524082-c610-4933-84f3-1108001e862d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
index 063de626e6..c1d01ce90c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dbc9bd31-d694-46c9-9195-d908ebd8e0ae",
+    "id": "bundle--869382e9-f57d-49f3-b3ab-0ebd9e39a63c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
index b7796315e3..9299168bbc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e38a25ab-6877-4fcd-8801-c48552c5382d",
+    "id": "bundle--c601fc44-69c8-4116-a10f-ff47930af628",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
index 5264b544b1..66513a88af 100644
--- a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--982688b8-c5fd-44d2-a1cf-01ad54e4400b",
+    "id": "bundle--7874bcb4-393d-437a-b1d6-b5f10197bec4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
index ca2eedb93b..dcbbf5dee8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
+++ b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--32077a8b-410b-44c1-93c3-eecc78c9db73",
+    "id": "bundle--fa2033d6-3bec-4aef-9f3c-5e5dd3b7e4cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
index 784b4782ef..06b134a00b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--702cc01e-9180-42a4-ae71-4d00681eba9d",
+    "id": "bundle--00ba31b8-1dba-49c2-9223-4e4eb1260369",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
index ef1a755b72..4017d33ef9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
+++ b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--723776dd-e02b-4634-aed1-17a83f65e97f",
+    "id": "bundle--d668b9e7-2ecd-4d20-a1fe-9ef47a368e4c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
index 429c01f2a5..5f279311bf 100644
--- a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a06ac4b-a437-43d3-8198-240e1a742010",
+    "id": "bundle--2c72f9bc-1b57-4ff1-ac0f-752cf51a4c7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
index 6ce72879a7..2bfeebca9b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c695d516-a284-4e05-bb32-9c5d9e200032",
+    "id": "bundle--2c9754ff-99f0-443e-a86e-a79baa04973f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
index 0d75a9187f..afc675fbe6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d57e85d1-e12e-4db1-b996-d9f0f6d4f15b",
+    "id": "bundle--e04e05b0-879a-4dc6-8f34-c3660ee16ae8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
index 1e910264be..a21563f321 100644
--- a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af914ea6-9bbf-4d17-a5c1-1020b7b3afca",
+    "id": "bundle--8185466b-cd0c-4b69-980b-7945622a30ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
index c4a339c337..ed3cb707e6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3512f129-a754-4160-86c8-911f95888a55",
+    "id": "bundle--589484b8-8d61-442e-bef7-fbb3a9311131",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
index 5c59f8bcd7..44580816ed 100644
--- a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--28af4a5a-1d93-4980-a9be-82acb421ca8f",
+    "id": "bundle--177e4394-2b22-4420-b6c4-d12df8c33dca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
index ca144f804c..a1bbc6c9a7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03e3e312-e301-48f6-b3ff-ce68c41b179b",
+    "id": "bundle--6028e15a-f8c2-4b13-a016-6c55698fe8da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
index 7d4fcc6c64..76a1c54573 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ecb0c55-67ed-4c81-802f-d47448dce942",
+    "id": "bundle--e4c9fa20-efc7-41f7-86d4-e44de9d2a27f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
index 404abd7b89..aed6a960de 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--76adad89-c0a6-49a9-b5e6-3b2c20adc719",
+    "id": "bundle--95ef1e11-0287-42e1-9a3a-249793a11aef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
index 709e75097a..74b41b3cfa 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--83ba4188-897c-4326-9b47-ca5d29e63d3c",
+    "id": "bundle--353f142f-79a9-45cf-9324-359f0695a313",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
index f2b1afec8a..5430198ca8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56267256-8114-4907-b70d-c7475149f7db",
+    "id": "bundle--5f283ecd-9ed4-4c0c-a229-0f6eec016483",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
index efbd35dcbe..2d1345b32a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6fe9bd97-9187-4c66-a014-b7265abf7e98",
+    "id": "bundle--a0995a89-fd26-4ca5-a7ce-15ee2a7c1b24",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
index 7cd1e09a2f..3908779350 100644
--- a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
+++ b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--708ce8be-e50b-4fe7-9d91-f37231e8c3a9",
+    "id": "bundle--81a94fb4-b76e-427e-9650-dbd4e22ec565",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
index e18bf8da5d..6813852d9b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7de97d73-fd4e-44e2-9c4a-979f730a4b6e",
+    "id": "bundle--6b6d8958-c145-4ee1-b7b8-72e66fd69463",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
index e1766d4aee..b2484fbc0b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00e4ec5d-34c7-4c64-bd24-814efe32b87c",
+    "id": "bundle--e57b0263-d91e-44a2-965c-ec0bff2f3d02",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
index ab00485b76..cf8df4cb4b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--127a784b-0578-40c4-83d2-7177fb01d00a",
+    "id": "bundle--3abe3859-72d9-42f2-8189-fc7550ce73ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
index e548cb2807..146efe17b2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
+++ b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ae45fb01-4aa2-4524-9c82-7205d5e67cb5",
+    "id": "bundle--34ce7135-5070-4baf-a62b-60580faf6a69",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
index 4cd340cb51..c0915a31d8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e16845f7-ea3c-452d-9f87-8df76ca5d9a0",
+    "id": "bundle--b5d1f2b9-c39f-4461-88b9-709ecc1364b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
index 9871df07cf..46de9be40e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b6667019-3d80-44eb-8e71-54449880ac49",
+    "id": "bundle--ae7e3bbf-dc29-4671-8f86-7f51c99e360b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
index c3d34d1f5c..9d5a0f1ff6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35d621fd-15a2-44b4-88ae-7555f1841d1d",
+    "id": "bundle--e84098c4-1f25-4d12-89a6-497700ecf566",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
index 8afa560562..00d9f96c0e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b9db824a-609c-4e5a-bc9a-84640f047d3e",
+    "id": "bundle--46831905-767b-4bd6-9a43-5a13a5a77979",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
index bfdded7997..3e4d7775e9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68b86b2b-8ac6-4fd5-b1e6-c2d231547e67",
+    "id": "bundle--38e4df58-d165-45a2-8c1b-6fc4f74b26e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
index 1763ef86be..fe994da08f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d88316a3-1364-4c88-ad91-9a1be77d7c52",
+    "id": "bundle--99526fbd-1faa-4954-b583-69f08029ea29",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
index ef418d96be..c825782c1f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
+++ b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bcf8c896-473d-4dc7-afbc-d01021313dec",
+    "id": "bundle--f94db3be-2ae7-403b-94ea-6a7d5ddc1b92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
index cac6587407..43b0377841 100644
--- a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
+++ b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--21a5ac7b-7d71-48a7-b0ee-7b466391b836",
+    "id": "bundle--b02bf35e-b16e-4d01-8cd3-8cd44d16a581",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
index 093423da12..316c496109 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--900676d6-de84-489d-b51f-2d88d1529b88",
+    "id": "bundle--65aab7a7-ba96-422b-84a8-37f5c5b45f63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
index b291ca6aed..7793d4671e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1893a05-b2a9-4210-b3ae-17c0e55e180f",
+    "id": "bundle--b8c26e6e-d1e0-4103-9085-ac664ec930d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
index 67117d55d6..78e986db2b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
+++ b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff780643-1151-4c74-adf8-248fc23f7dc1",
+    "id": "bundle--72f58244-881f-4ea1-8b41-ceffd77ab217",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
index 511b89a760..40a8fc6927 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--860a885d-3419-49e3-b54d-ea04fb1f0cec",
+    "id": "bundle--9224ff18-c785-4f06-9ce9-d82f763e2dc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
index 8c63f8a986..233ea82527 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d31a856-d788-4736-8513-a3625568a3db",
+    "id": "bundle--8bb97d20-ab93-41ad-9962-fe0ad404c969",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
index e1d6fbe4eb..b30ec30fdc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5991da27-c3fd-4977-8932-0c954de54ff8",
+    "id": "bundle--566840bf-5cce-4b63-afdb-316516951088",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
index 3684930408..96527f5e74 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--394fdd1b-ef1d-4695-bc25-3489d05fa498",
+    "id": "bundle--4265e351-99be-46c2-a5c0-77608f8f7cce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
index 93cea0c77f..af08f13524 100644
--- a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--55b07513-1329-4e41-8cea-735505170f7f",
+    "id": "bundle--2d251495-b6de-4b46-a3a8-8638c9e5544b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
index ce95b6877c..a691d5f126 100644
--- a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dbb4b5ca-debf-4c02-b710-30a5a100ea0f",
+    "id": "bundle--88fc80dc-59ea-4004-ae7a-69e4a76376b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
index 854c4d2614..06c24ce549 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7333aeb6-83e9-41f0-b915-1c0b3f601b40",
+    "id": "bundle--9033a6b3-2ee7-4493-b51f-ae88ae9621c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
index ab9ecf4d96..0cac2b0e9e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33fc054b-0f05-4788-9e1f-a5232696fd14",
+    "id": "bundle--475a4bb8-d63f-4ad0-9c68-f386024a0843",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
index fe6bf8e165..7f7dd5911d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa7a7c1a-0a60-4f4d-bb92-00f26b558c80",
+    "id": "bundle--6f751e45-8d4c-42d9-9351-faac3fc36e3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
index 3ab7fa79f8..efce3cda36 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--988376fc-37cf-49a4-9646-688542c69f75",
+    "id": "bundle--73861d9c-dd46-47f4-90ff-0c6d5758fd7a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
index 2440f04451..f4bfaf3175 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--210097e0-394f-480a-8808-642b7e91f0fd",
+    "id": "bundle--4ffd2d57-38e9-48cb-8720-5c59e8dcd477",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
index ece222a311..ebcb84df6a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc094b1e-c149-4b3c-9fc9-7ec1fc29e717",
+    "id": "bundle--b012ac16-0dd6-4ba1-b5ab-b4a6b64437af",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
index 84864c941c..09ea5f2430 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de3f5214-3cdb-4b16-a25b-cd8b4409bec7",
+    "id": "bundle--4f9f50aa-8e53-4869-8f96-ff3f949ff90c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
index 950c57893d..a3c9507af7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c391a92-228c-47f9-8aa6-b91a400db3a0",
+    "id": "bundle--a7ab7148-045f-4b93-b08e-a512709587eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
index 900161ed53..b77a2a0ae2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1970bc4b-0417-42e2-933c-7b4fc71d97c6",
+    "id": "bundle--92f61d34-933d-4455-8909-dbf0d7cebedd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
index a5df715c7c..bd0bba4163 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--838d794c-5f29-4773-9a23-1c7be12a9cc2",
+    "id": "bundle--51a83ef4-d8c1-459f-b6f8-6d37399c740d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
index fcc7af7803..ef4b0f2e28 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f515c714-a5de-473c-a475-0fcd7dc6887f",
+    "id": "bundle--12bf5476-93d6-4bd7-ab73-2cdc3013b26d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
index 06184173b6..b9d7aef60f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b37d62c8-aa8d-4b8f-a76d-a65f4bb0c1f4",
+    "id": "bundle--2ef03a06-3054-4f2a-9e5d-88a5fe5b90ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
index 2267df8846..0e79962b5b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00948cc0-455b-4dd6-8824-273c540f05f8",
+    "id": "bundle--ebd0b051-74d2-4422-b682-57db21c1be2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
index 9683c333da..d18452f7ad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67988971-6c01-42a3-8560-c5a787b13bf6",
+    "id": "bundle--a2f62ff6-5cce-43e4-82c5-a5be9eb8c51a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
index 195c44e191..585715dbaa 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5a16e05-909b-44f4-95b8-9db775c86f2b",
+    "id": "bundle--28890dea-cd7a-4402-a7a3-e5315a3b236e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
index 40448b4803..8c946954fc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--611e2508-60b4-410b-b8da-9c58a292829e",
+    "id": "bundle--9484df21-841a-425c-8529-a452795d1da3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
index 0367bb723a..a128310c66 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06cb6187-c225-4ee3-a88a-85f408dd12ec",
+    "id": "bundle--40854944-8470-4f60-a61e-4af54cdce959",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
index d0022cc2a1..67af75e59f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
+++ b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a79b8d6-0ff9-4d2d-98b1-097627d591c4",
+    "id": "bundle--7229adc0-38fd-47fc-9f62-45510cce15e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
index 2ad8204f5d..a656750548 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--28ab595a-b87a-4d8b-a3a6-8c4956a6fcb7",
+    "id": "bundle--f91c801c-250c-48e8-8bce-5edac914c6b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
index 47f43c661f..65b4ae088f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f2f1a9e-5051-4b29-854d-5c0c369872f2",
+    "id": "bundle--70d9f99a-fea8-4997-9f5f-3efa6c0f197f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
index 59d7d5ccd8..3a1c1d9b5f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a53935c-b1cf-4155-b3ab-8b7e21c5b31a",
+    "id": "bundle--6a451767-de8d-45f9-899f-c7d14d8adb70",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
index 7f8575a91a..2736690a24 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a74e8610-a269-4ad7-915b-3ba175c29b96",
+    "id": "bundle--86a55b4a-9652-46c7-abaf-4ded07978314",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
index 0816235020..5c259a817a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf45cf49-6232-43ef-ac16-bb8b27fc6a0d",
+    "id": "bundle--8c9bc7ee-0f8e-4dc9-81d8-0547a3d9a197",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
index ff6e25e8f3..bb52ce8c07 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14bc862a-c1fd-411b-8dca-edf8c02a1ae3",
+    "id": "bundle--bf0cf9f7-58f0-400c-a6e5-a69cece5576e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
index f5db37c94b..cd2ec39673 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4271e1b-8395-45bf-b089-09ef71d72b5e",
+    "id": "bundle--7bff4b4e-d8d5-42f4-825a-9da31209e305",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
index d6d876c12c..c72f0b5550 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c17e8aa-6f0a-4bd0-bfe4-a99be26dc45a",
+    "id": "bundle--ce93c3cf-f60c-4d46-ab46-f5be640ac75f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
index 2c304b0d04..61bcf00367 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6056aa1f-0dac-46f3-88d0-39c5883fc877",
+    "id": "bundle--cc872fca-38e3-4531-93ce-f33252c48f93",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
index 320f780566..03e431280f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e12a0002-9a35-4cf5-8531-3102dd34b956",
+    "id": "bundle--1133a406-8d38-41f3-bf5e-263a9bbf0c61",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
index 9424665d2b..1899d23e4e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40d89d9f-baf8-4637-a693-331024803555",
+    "id": "bundle--52f94db7-7b61-4b27-8695-b6a3919de9e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
index 147b8e1681..6530966fd1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b7253e4-074f-47fb-870e-cb5dc885d5ad",
+    "id": "bundle--994c3652-2747-4fd8-a23f-cb45ca1dc54d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
index 7c47dadf37..b9a78d289f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e9106d83-12b6-4f9a-8b92-39ba2f426cce",
+    "id": "bundle--c1043f93-8b06-4c0d-b240-2210ddb83656",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
index a70570a035..0e5a5d8471 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dca9529-1748-45f6-84c2-054d0e646431",
+    "id": "bundle--fdb92083-02ac-40ad-ad79-4620b799a456",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
index b722e81a16..1e93a0bdd3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7fa8e434-2d09-4916-81b8-ea4a259711cc",
+    "id": "bundle--458b3435-37c8-45e0-83fd-65423005903e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
index 5a6e1e5696..ae422d9364 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25d0604a-9a20-49bf-841e-e9f6812e6b5a",
+    "id": "bundle--d181b5ef-d218-4860-9f41-3a374dc9d6f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
index e0dd154e1e..dca0333dad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12eb5d6a-c43c-4a7d-9fb0-7d058e4d84f9",
+    "id": "bundle--5d3ce03f-8ef8-45f2-8ed3-a4c1fa826a4d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
index 0525609520..613d6f4ac9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--92358a71-cf1a-42b6-8d96-aff3125f9afc",
+    "id": "bundle--9f4e064f-37aa-419c-99a6-c20e2c209f7a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
index 99ac06ca0c..459fd60717 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8933b059-7837-4410-a507-1e0c8a080acc",
+    "id": "bundle--356e2f98-cf45-4c2f-9442-c458bcbd6531",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
index e4b1695ec7..0eb5855575 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7702b9a-1f9b-4f53-ac5b-341e41c40659",
+    "id": "bundle--f3c330cf-eb88-4824-8bb2-d55ccb8dc2c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
index c202748c52..56926f77af 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--795b384f-1209-44d3-86b6-051b4d4d4699",
+    "id": "bundle--6a9163af-60dc-432d-bd36-5db1d7e68448",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
index 30343790f4..3598c87716 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fedfafde-09e9-4150-b36f-0391b0cf45cf",
+    "id": "bundle--3da7f330-9d86-47d0-a60c-f4335c113833",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
index 28e1beca1a..e63ef9a6c1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f55db1b-2eba-49ad-89ac-d6342af84182",
+    "id": "bundle--f575feb6-5d9e-48d2-bfa8-157d8a341e68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
index a87efd2aa7..e710d626ef 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--827906cf-e5f9-4a6f-ae26-eaff845d1bb9",
+    "id": "bundle--c53fb195-29ec-427a-926f-87d3247e2b88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
index 40ee9bb0d9..68b9ab6651 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--061f4536-5583-4e91-be9b-30f4dd8c15c7",
+    "id": "bundle--83195c76-ecaf-4bd3-b1ef-1f84b82dda82",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
index a2d90dec1b..414a3c30a8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39e17c1a-5356-4cf4-882e-8c63ee96670b",
+    "id": "bundle--b15460c3-ef3e-44f1-a9bd-f2a548c41b9f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
index 66bfe95413..71fc3a60ee 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--250e8e9f-e761-464b-9707-c4f64d60af8d",
+    "id": "bundle--bc5d14ea-6416-40f7-a75b-d56bf4ce20f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
index 3d981bb8af..d5f10f5ec5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f0f55063-961e-4be5-af91-6827d5fb1a24",
+    "id": "bundle--c692a9c5-5c08-4477-8616-7dcfeaca0390",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
index eb9fd05c72..cce2ea1127 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f636af3b-ce5f-4492-b427-619a4636ec4a",
+    "id": "bundle--b2081c84-49fe-4f89-842f-d06ee36b4694",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
index 22abb48672..adcd06f44a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eca61690-0441-44d5-8a15-bb6d6bf0c897",
+    "id": "bundle--14b8c66b-a55f-44bb-a571-bf698d4a23d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
index 4514911783..9eba81b134 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8f22e84-2c59-44e8-9efe-e1a4de6641f1",
+    "id": "bundle--1179a137-2ee0-4a07-b484-59e4e8adde10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
index f177d80118..662a5d4a4c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99478ad6-94d1-43d9-bf20-158340b87beb",
+    "id": "bundle--784eba6f-50ad-419c-b5be-d7c1f776b506",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
index 9299aacc27..815d3c39be 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--69b8425c-947b-46f6-b635-f53930c6aabd",
+    "id": "bundle--2ee881d5-864c-476c-8e77-d5341088aacb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
index 96b98cf92d..31c76f2fb6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b410df7c-eea6-40ef-8923-e814fd5e6a40",
+    "id": "bundle--11222e86-ea25-45ad-af7a-d58418554cd1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
index 0a99ece671..13add238ae 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72b2003d-251d-4743-bfc7-476d3a22fa6c",
+    "id": "bundle--a3b8e45b-fb27-4b4e-8a66-76093d6a4923",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
index aab6e37c3d..3bd8865cf6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6e44310-3129-4c3d-a206-ee38e1d95f46",
+    "id": "bundle--fdf54e75-95e0-41a3-8ee0-3768462d1ad2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
index 8a2b0d1151..bd0c68df4d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6eb34cd5-7e23-48fa-8c0b-84f1a44fdf6f",
+    "id": "bundle--dac9d2f7-ea97-43b6-bafe-eba8da7ab215",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
index 8ed2ba1af7..5ae59440cd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25540a01-85df-40d6-9cea-bb7f61f713d2",
+    "id": "bundle--fb4d19b9-549e-4256-a3f1-432d632c1efb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
index cea50bd658..c3c2ba16b1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f277168-48b1-4c5b-b591-cba44baa56be",
+    "id": "bundle--aefafd75-0fb6-4c2d-9e03-eff7ab10c3c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
index 45f007e46b..145e3f08c9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ed19290-ec8e-4aaf-bc94-b2739dfd9b84",
+    "id": "bundle--83204f3a-466a-4237-aaec-80997fb70336",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
index b9b56abd10..69381032b2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5aa74822-4996-4b67-b49a-968d5da02fc8",
+    "id": "bundle--ccd9a6fe-4de2-4e57-8efc-af9dc23ad906",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
index 0a10ac76e1..8f5dee022c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--508418fd-24ef-4cbf-9d99-f1d178d2236f",
+    "id": "bundle--6f8f3f24-e0ac-418c-a5e7-da8c5edd50b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
index e682a43b3b..45771fd0c9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea0129fd-d061-4270-9987-35ea02fff4e6",
+    "id": "bundle--11689903-f64a-4bd8-8261-a095dc51cf35",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
index 15c232399c..48676cc6ce 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fb5942f-6b18-4730-b6a2-a16db6de3511",
+    "id": "bundle--dc724a9c-0bb9-4e67-a5c9-3d3fb688f934",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
index f63cb34d2e..72cbb8addb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9bab645-ab02-4072-b55f-ca8cee0c8610",
+    "id": "bundle--d3bbd5a3-dbd1-495e-af5c-38a924a221ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
index 3d7938874c..984f3b2ef9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a182b41-bb19-49a4-99e7-9ec6546f8605",
+    "id": "bundle--50696ee5-2bd7-492c-871f-218bdaaacea3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
index 052f1114bb..fc8e698c64 100644
--- a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0c10d8f-b106-4f50-ad34-bc6edc33c358",
+    "id": "bundle--41a1eaae-87e4-4bb3-85b0-a750b7a531b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
index 0278ea8454..177c233c01 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f76eef7-ebd9-4eff-974a-11bbe33fc9d6",
+    "id": "bundle--359a7149-d4a7-4ba6-96c7-bb555d1d5178",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
index 4a0b75c2ab..de76e688d6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--11268a13-4868-44dc-8b31-09f123724483",
+    "id": "bundle--a0b16799-dd0c-4bc5-ae2a-ee4d26ec4b1e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
index 81e2cdd6fe..91de4e9d6f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd7f7736-f615-4ed0-b7b5-f6dbdeda1dc9",
+    "id": "bundle--7f946d28-ffa9-48e9-978c-4cfa64c85533",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
index 56032dae13..37450fe731 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3724a2cf-f0e1-415a-97a5-da15e03f0bae",
+    "id": "bundle--9c3bd146-03dd-4dd0-9e78-a8e3d776fb57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
index e44b3d93b6..97cc3c232d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e1056a7-f409-4605-925c-c2eb1d3ee024",
+    "id": "bundle--56217f9b-b6c4-42e3-9240-88e33228e89f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
index 935cb2bd77..0b268609f2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd089df3-ffa6-4e34-b17a-e3d0d82ce317",
+    "id": "bundle--54e40de0-8b75-4a0d-b5b9-46bb9fd6df34",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
index 51245d4ba1..5de3e679c0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--170ad7ec-0b4b-4399-8d4b-dbd840e6a551",
+    "id": "bundle--e83f9664-b4a4-43e8-8146-0b000a8dc62c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
index 294bbf48e9..112be6f58c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--151dbf99-8e25-4edb-937f-1e910c6a243a",
+    "id": "bundle--25933274-c942-48bc-921f-631e4cbb482f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
index a6079c8bcf..d59d61462a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aad3be5f-c28b-44f1-aff1-14f2dba841fb",
+    "id": "bundle--9dbf984f-8031-4dee-a3db-8c73367c39c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
index 7d4195a380..6aae1896cc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0db0fba-5ff6-4d22-9f07-8cb157068aa1",
+    "id": "bundle--e208176c-e4ce-4cc9-9005-2e1643406dab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
index fd9a1b6365..c77b666826 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c8f2355-4b97-41bb-a9a8-20d10b1d6499",
+    "id": "bundle--1be02b0a-6cd7-4892-8992-987f7dfc6a6d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
index 019e736ea9..fa9723a2d1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f0f78f89-bf82-4092-ae27-1e8c6fe5577e",
+    "id": "bundle--1c25481c-0e7c-41af-a03a-97e1b75b7ba0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
index 4e9676d4b7..5a100fa44f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dc931634-49ad-4a7e-a3d6-298e28d0d0f4",
+    "id": "bundle--433b4d09-a250-4603-b36e-804281a9f1d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
index a7606b15f4..b37ea416a7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96ee430a-8886-4e91-bcdd-36d96b425f68",
+    "id": "bundle--b012da54-ad4e-4585-83df-de13a6c0e0ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
index 6095a7eb75..a4b00673c7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2cabd6a-3224-483e-ab46-c285bf7a7da2",
+    "id": "bundle--c194d6e6-111e-4c69-9a9f-be1b5f92a224",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
index a2f21c30e2..df1e1a4878 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e080a2d-8cb7-432d-87ee-86f294e8dec4",
+    "id": "bundle--5a32fc9f-9879-4112-8eeb-3c2efd8efdd9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
index f6c0e985e4..7c3a28507d 100644
--- a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
+++ b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fb66823-6624-4be2-b2d3-c820cca12238",
+    "id": "bundle--637b46b8-8146-4635-878e-0f17f646cb91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
index f6f83914ba..8be427100d 100644
--- a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
+++ b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--932ff296-a0a9-4e5d-9ba9-857fa4b4def3",
+    "id": "bundle--c573ead3-04f5-4c38-9379-a9299fc069dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
index 6dbd565e80..2f19c8aeed 100644
--- a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
+++ b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8abe8172-62f5-4104-8a84-23e44567a561",
+    "id": "bundle--15fea9dd-e9f1-4463-84ac-0e57dda42e51",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
index 898f337abc..80f3a3ee0c 100644
--- a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
+++ b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e12835b3-7759-458b-9b55-1e32dc1aa7c4",
+    "id": "bundle--9df178e1-7e46-4aac-8d02-06d1dcbb0a7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
index 96d9292c6b..7c89f505b0 100644
--- a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
+++ b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--91ec942b-01f2-421c-bc1f-485bfce166e4",
+    "id": "bundle--b72a9ad0-cfc6-4fff-8be5-1ec72e2efc46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
index 6d3aa25d74..7e6a728a49 100644
--- a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
+++ b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--db0fd42d-b07f-4f42-9d5a-b48b303e802e",
+    "id": "bundle--3c40b91e-d0c1-4bde-bb2f-f1ee090eb9a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
index d69aae5659..654ae479b4 100644
--- a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
+++ b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca78ca9d-a761-4827-b70e-5f653149d0cc",
+    "id": "bundle--381c39ab-a5d4-4a89-8630-9382dd4d218d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
index d9c3720ea5..ffe8c2f01b 100644
--- a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
+++ b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--588eebf3-763b-4e18-b13d-e903855e3464",
+    "id": "bundle--2bbfd31b-d774-4eff-9888-1db0bdc297db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
index 3c5390276d..8b5c9cf53c 100644
--- a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
+++ b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b36a6cfa-1c56-4ddc-94d6-5f099309ba06",
+    "id": "bundle--176bd630-6879-437d-9700-820ec6aa9711",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
index 8aff46a063..0aac6fd839 100644
--- a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
+++ b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3c3bb39c-8ae7-4c5c-bcf5-e0ca57aec690",
+    "id": "bundle--b3833279-11c1-4eb7-96ef-bb7ece2cd419",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
index 037acc2ae2..fe1347be86 100644
--- a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
+++ b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b4676ed-c633-4f7c-9a6d-4689180e1004",
+    "id": "bundle--830d2874-a1cf-491c-b836-d17ee88f466f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
index 14b39c4346..92ce5ff3af 100644
--- a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
+++ b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8e678d2-db09-4d53-8e82-a37fed01e521",
+    "id": "bundle--607fa945-7666-4b80-87b8-10305e49fcf1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
index 5f3d7d290e..2549dc3751 100644
--- a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
+++ b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ee9c06cc-9fdb-4b1a-90eb-9c773713f5be",
+    "id": "bundle--eab8aec3-3b07-472a-9ea7-40b5e8dfe655",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
index 904d7cf61d..10e212108e 100644
--- a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
+++ b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adb66af8-596e-44ec-88aa-8d3486543756",
+    "id": "bundle--7101ac28-e61d-49ab-adb9-5ab50c9f24cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
index c95c6fb11d..613369691e 100644
--- a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
+++ b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e0f6344c-423c-4258-8b13-a57ba1f48654",
+    "id": "bundle--2a5226a7-8c87-49c0-af04-5385331a0983",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
index e963a6fed3..0c35c90700 100644
--- a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
+++ b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d4f3d8b8-fd77-46d3-8fd1-74611fe34058",
+    "id": "bundle--c19523a1-29c9-4fb2-9f94-35ecf83cce7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
index fcc3231b08..9e95fa0608 100644
--- a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
+++ b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aad947ca-aefa-4857-97e4-cdd6c34b7aa1",
+    "id": "bundle--25c8b390-60d5-44dc-8796-8860f9991f2b",
     "spec_version": "2.0",
     "objects": [
         {
@@ -130,8 +130,8 @@
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
             "x_mitre_domains": [
-                "enterprise-attack",
                 "ics-attack",
+                "enterprise-attack",
                 "mobile-attack"
             ],
             "x_mitre_attack_spec_version": "3.1.0",
diff --git a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
index 71ebe00242..8880c57f05 100644
--- a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
+++ b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72edeec6-4f95-4030-a11a-8b3fac9f0d42",
+    "id": "bundle--7c82c6d4-75d3-4002-b424-04c96d5c74a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
index eaf8ddb8c9..4eeae10664 100644
--- a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
+++ b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cec0651e-4f99-41f5-9116-27048ba53070",
+    "id": "bundle--9c5883ab-669e-4ed4-a2cb-a9a2447a22f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
index 5aa8e97f14..13dc5bf1ee 100644
--- a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
+++ b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4796fef6-7e92-49ea-bf2a-f28bedee984c",
+    "id": "bundle--7fc547b6-c94c-41ab-9743-392182aff60d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
index 9c48cdbe25..0e0379a690 100644
--- a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
+++ b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--69c7d348-7631-4d78-a21a-bb8225a5ea97",
+    "id": "bundle--ff9eff1c-ed23-460d-9ffb-cda4c583cb47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
index 4e4f3a2a0e..36e4653bcb 100644
--- a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
+++ b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8569f7a-0bdc-4979-82b8-9c1c4eb63b7c",
+    "id": "bundle--f5c3a1e8-8ba1-46ed-a222-f96ffbf14117",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
index 223b60f9a0..3a76d7bfa0 100644
--- a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
+++ b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9b0b703-d501-4c1f-ba6c-c495184cbd76",
+    "id": "bundle--c15b4cf3-aa90-45be-823b-4e487eb79524",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
index 3d0af9efee..7d3d250d64 100644
--- a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
+++ b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b42e3f9-8038-4eab-99e1-81b25a17da3e",
+    "id": "bundle--57f7e21e-562d-47f1-8943-9d01452c7d2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
index 1144c5c9d5..9636f0d5a4 100644
--- a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
+++ b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d7bd465f-3d1e-4ef5-aa41-8cc1dacd2275",
+    "id": "bundle--5ff2e917-8bbe-4331-8856-6c7ea7c4ec6f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
index fdabd7d7ee..b604bef0e5 100644
--- a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
+++ b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4cb28a40-a2e5-401c-85ee-88a4386f82ca",
+    "id": "bundle--76fcd982-8126-4e0e-b45c-9ae3a8725c2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
index 265a719dc0..b3a382c943 100644
--- a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
+++ b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7cdda25b-239c-458c-95f2-0d3b189d2458",
+    "id": "bundle--2879eeb7-7ae8-4427-a169-bf3189125418",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
index acad876cef..53b22433f8 100644
--- a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
+++ b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30a18cb5-3029-4e84-b7ff-c88726e4bd45",
+    "id": "bundle--f1cf39bb-ef09-4f3a-ab49-c4b9445f409d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
index e1bff78acd..5d563981e6 100644
--- a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
+++ b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4324ea19-fb17-4a83-9e48-6effd7ffd0a1",
+    "id": "bundle--5528cf9f-38af-4967-8e7d-b4d1a746e54e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
index 4717a728db..692d139633 100644
--- a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
+++ b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f2bf575-b61d-4a1a-a480-b9ce5867aae6",
+    "id": "bundle--e5c88e57-198d-4441-abb6-70ea2a8e408a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
index 391b348a3b..8e456f0850 100644
--- a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
+++ b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--187331c8-23f5-45dc-9515-fa3412a62035",
+    "id": "bundle--7db51091-9cab-48f4-b4bd-cd6a3f732a58",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
index aa94c8c347..86c3e91a53 100644
--- a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
+++ b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b57910b-0ad3-4064-b993-c36c1941597f",
+    "id": "bundle--5f03db16-72e5-4167-a3e1-ac0ee7d3ba2a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
index 005de210f6..e838e95545 100644
--- a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
+++ b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--284510ac-8744-4e37-b5ca-624c3ac0198a",
+    "id": "bundle--a5eb8d93-d28a-4a6c-975d-f8955a72c273",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
index 27a49dbcb1..e5bdc2782f 100644
--- a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
+++ b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c65c9d3-07ca-40f5-b16d-b3da297d4c4d",
+    "id": "bundle--3394ec8e-87c4-45bd-aa99-a1579f3f86da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
index 634e7a141b..7156926206 100644
--- a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
+++ b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--98af6ae1-baad-4fbe-8e91-cb438cbc56d7",
+    "id": "bundle--bf391fe1-9a25-402a-b45b-82fead99edb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
index 7c887858ff..5aef030d9b 100644
--- a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
+++ b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--54a5aebd-1ac6-4140-bd3e-9c55716fbb65",
+    "id": "bundle--c50a956e-ecce-407a-be0a-9b949626d2bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
index baf45073ad..5ef1a736d3 100644
--- a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
+++ b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6d478dec-bd9c-4461-b862-da2823f7d98e",
+    "id": "bundle--e5cea4f3-f1d7-41df-9757-a10610df012c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
index 9605997971..1a8f43caac 100644
--- a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
+++ b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b50d69a5-7f85-482c-bddd-5ae5e419b2ab",
+    "id": "bundle--e2c13dcf-b3c2-4cc4-b18e-531e6346de72",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
index 43307bd116..f8888f95f1 100644
--- a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
+++ b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a815481-9694-4ac2-b8a8-9f4ec511062a",
+    "id": "bundle--625c2048-8ea8-48cf-834d-415b3ffc6346",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
index adc62786af..48f4263440 100644
--- a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
+++ b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef65f6a7-5776-4da9-ada4-71f59b0f6a06",
+    "id": "bundle--dd50ce6e-a2b5-41ed-a290-68a28eb4cfcd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
index e9b0e5fb4b..dd65e5ec37 100644
--- a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
+++ b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f36b7fc4-1c1b-42d0-8149-70519b20713b",
+    "id": "bundle--26d0b1b8-b678-4b2b-8e7a-881a06608342",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json b/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
index a843e83d6a..ee61da4576 100644
--- a/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
+++ b/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2dc9b85a-d714-4cf8-a0f3-3cfd364f02a3",
+    "id": "bundle--852ae637-8c61-448f-b3b5-1a4d92e9beeb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
index d5dc41c227..f78441e448 100644
--- a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
+++ b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bad0c76c-f3ef-49c7-9172-c22aca927bf1",
+    "id": "bundle--b77c17d3-ae43-490d-9989-420b6b9727c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
index 1571a3ec18..708541c86c 100644
--- a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
+++ b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84c41855-44dc-4d45-984c-3e4be06beda0",
+    "id": "bundle--bd696d62-8af8-433c-aa13-90735085ac48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
index a20a4cadc5..7f51694bbc 100644
--- a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
+++ b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d456dcdd-2677-4650-9c8f-389f6ad88abb",
+    "id": "bundle--9842f376-d90d-4705-b0b6-135e1fb6ed34",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
index 20d63ded4f..844ed1a483 100644
--- a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
+++ b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7855baec-0854-4538-943a-6f188156ac1c",
+    "id": "bundle--28411bd5-b4de-4307-8630-5aeb5ac68356",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
index b439bde0a0..9970e42129 100644
--- a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
+++ b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca2afcef-18d2-4af9-b94c-1ac574106586",
+    "id": "bundle--815b49aa-accb-45a1-ad61-17d1863401c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
index 9fdb60eb91..1d5c0c33ec 100644
--- a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
+++ b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c79ee664-d34d-4143-beb1-2c7b9205793f",
+    "id": "bundle--3a257722-aca9-4278-9ddc-78e4681a94f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
index b5dfdb1337..b449d08394 100644
--- a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
+++ b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd395e3b-3e19-486f-abe1-58935b91fd5b",
+    "id": "bundle--055dfbc1-3093-4d29-9376-32d9803399a4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
index c8f1da45c6..728016fcb1 100644
--- a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
+++ b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--239e5e99-cd54-4c48-905c-dc9e951307fb",
+    "id": "bundle--24d42bbf-e163-4028-ad39-db9fdc867ae3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
index 165ff1f2a3..220579e09a 100644
--- a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
+++ b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e187b81-1e04-4652-8ad7-f3f321b49b91",
+    "id": "bundle--67aa9091-62d0-43d1-ba3d-d7025649da7e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
index 6651183d5c..3cc8412158 100644
--- a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
+++ b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33445d77-1955-44b1-b1f0-fae6abfd2718",
+    "id": "bundle--1d42315c-8368-4a56-9201-535e1e8a28da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
index b8834f71ce..11e29ccb03 100644
--- a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
+++ b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70bf7784-31e6-4b6c-bc13-569028381676",
+    "id": "bundle--2a7a4d18-7cc7-4a95-b821-dcb39bfbdd83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
index e9752e2bda..4c78a99015 100644
--- a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
+++ b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1158a22b-cc26-4fe1-bea7-01293f116420",
+    "id": "bundle--2bec3cf3-c7dc-4300-832a-4b3855d554b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
index 0660e51ee9..3ab3036547 100644
--- a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
+++ b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--001000c5-9ef9-4010-addc-ac0729db353b",
+    "id": "bundle--39cb50f9-d713-43c6-8171-fc3722665d1b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json b/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json
index 4ddace699f..2d9e7effef 100644
--- a/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json
+++ b/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7f2144c2-5ab0-4db2-82c9-d38dbcb6446a",
+    "id": "bundle--89dd569f-7b05-447e-8151-2e7911a11aa8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
index 4e369e12dd..fd2402a097 100644
--- a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
+++ b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c31cb7f9-c7cc-4ef0-b374-76dd6ca48877",
+    "id": "bundle--26b81283-4788-4d01-8b1d-fa9519d5f54c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
index b6eb53d3ba..010c3d9f44 100644
--- a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
+++ b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--19871378-e01d-40bc-80a8-c4813c5a7d60",
+    "id": "bundle--6c2b09c0-0980-4685-9bcf-04861664380b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
index 9c51151c71..71fe12f16e 100644
--- a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
+++ b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5ffa4d4-68ad-44fd-9f83-4b2a8b3201a1",
+    "id": "bundle--fdf693fa-daeb-4d2a-9057-2a4cdc0bdaef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
index 38cfd59f6f..0966e462bd 100644
--- a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
+++ b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3c156f2-008e-452a-9246-8e95c9d47d15",
+    "id": "bundle--7cd8c0ca-393f-42f6-a0b2-ad4473ca33d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
index 4a7ec0a58e..cda08490cf 100644
--- a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
+++ b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87202e20-b986-4bbc-bf0f-89254b239cf5",
+    "id": "bundle--b73f51da-4a16-499c-b52e-65ea4a898f0e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
index 51ce3a3c4d..d77c891b7f 100644
--- a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
+++ b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c39b9318-507a-41b8-b178-1add4ae6d6ab",
+    "id": "bundle--73842ea7-e8d6-44d2-89b5-e17c3cc29207",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
index 435d3ea657..6b332477e4 100644
--- a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
+++ b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa7cbc0e-9bcc-4b20-a780-622836d2449b",
+    "id": "bundle--23cff331-cc5e-44e4-9f0e-ff75ba38e76b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
index 22e8414227..075c343a74 100644
--- a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
+++ b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bcda9853-581d-4b7c-85a2-ba837df3fd2d",
+    "id": "bundle--e3c28bcd-fa0b-476f-9545-fe23adcc864b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
index e9e59e32cd..49a60b890c 100644
--- a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
+++ b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44f27543-2074-456c-817e-803dd50f7f7f",
+    "id": "bundle--aa99b109-0573-42b5-b889-cadca5361d9c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json b/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json
index 114babc2c9..d92cc9151f 100644
--- a/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json
+++ b/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e9e3831-cad9-44a2-8263-67e22d982ac6",
+    "id": "bundle--6ff57f39-c5c1-46bb-9d7f-038093c85c8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
index 4d8ac4c6da..241dcd4a8b 100644
--- a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
+++ b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5a044e2a-632f-49ef-affd-7e6b5ad09eaf",
+    "id": "bundle--b3b8980d-38d6-435f-93bb-998abf1e08c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
index d5fe0fa19f..7996a7d076 100644
--- a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
+++ b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--723f3c06-2e0f-4225-8df8-11551dc35732",
+    "id": "bundle--40105c51-b144-420d-90e9-c27b4be270d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
index ed57d98022..2063b352ef 100644
--- a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
+++ b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a275c646-23bb-4fa0-8f8f-c1654a244bf8",
+    "id": "bundle--0d80d4cd-5790-4777-9ad8-ccd7acd9e024",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
index 54b51604bd..1b292f43ac 100644
--- a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
+++ b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--770b1a1a-a30b-4252-bfcb-6931e6859fbc",
+    "id": "bundle--d0eef57c-ff9e-4405-b19c-db501fe70522",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
index 17caa08b8b..d93faf5b35 100644
--- a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
+++ b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c0a69c6-77d2-4873-a672-2f132cfa2a65",
+    "id": "bundle--9de398bb-b902-491c-a125-4f28d0ae8f4e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
index d6a46252b8..105e89c97d 100644
--- a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
+++ b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ae95df1-941c-4ff7-b5e5-3a137b54aaea",
+    "id": "bundle--8b76cee9-0580-4381-8459-6cd461545467",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
index b3909ca04f..cb8e90c276 100644
--- a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
+++ b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9207f2da-21ec-4c38-8581-ff441a9cacee",
+    "id": "bundle--1d4351f7-6787-4bb1-99a4-7ac860ab8149",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
index b5dde4bd5f..873e8c907b 100644
--- a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
+++ b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb1d9bb2-8eb4-4d78-aff4-39136e40dd95",
+    "id": "bundle--4eb4a60d-267f-489c-9186-8e75a35ba442",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
index 0bd96284fb..e39503abf0 100644
--- a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
+++ b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edf5fdfa-1c4d-4743-ae19-b2fad7897483",
+    "id": "bundle--41486315-cd28-433e-bbba-b8222b23d9b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
index 0a4cc1a13a..d7e2792bea 100644
--- a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
+++ b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ad763ed3-b736-42ef-8073-c84b770b3bbf",
+    "id": "bundle--50705e7d-e39c-4cbc-824a-8b36ac86c5f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json b/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json
index d5e282c84b..34e0888e3c 100644
--- a/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json
+++ b/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa99a6f2-0739-4c65-af6c-58f118b33f5a",
+    "id": "bundle--038ff49f-31de-416a-9858-88c2f392b71f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
index 34b4b9545d..fa91a311de 100644
--- a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
+++ b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3b9acf6-a62a-46c7-9b40-1a71975b5342",
+    "id": "bundle--f41ad7de-97a1-4f94-8fd2-cbb5fe2cf44d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
index b26cbd6f28..54b1ceed75 100644
--- a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
+++ b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d12611a4-5b6a-4d61-9288-679ddad4822e",
+    "id": "bundle--1fd7d976-6540-40de-b0cf-01a5be61f920",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
index e98c510bfa..3d7da16c37 100644
--- a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
+++ b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c17d473f-a075-428c-8573-424180675193",
+    "id": "bundle--37b89d02-516d-4a83-9657-65823f4597eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
index baaea854ac..0a2a2c3ce9 100644
--- a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
+++ b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a225e53c-756f-4b00-b852-7d107ae99e65",
+    "id": "bundle--363e1611-2fba-4bf9-a72d-34915d44cd00",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
index 7b70996b98..8eba384284 100644
--- a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
+++ b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3bc63d3b-c50a-4fc6-8371-a2e770c97b3f",
+    "id": "bundle--19d7f108-520e-4663-9e2c-98bb1cf95d14",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
index 88de064b4d..64d578f6b2 100644
--- a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
+++ b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac52ac40-3106-4552-86f6-ad64ec255d5b",
+    "id": "bundle--a3a0f5e0-204c-4991-8957-5ed7a1fc95a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
index 12acd0a870..3e879c821c 100644
--- a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
+++ b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3663f8f1-d2ac-4b28-a33e-be7ca5d3a67f",
+    "id": "bundle--de65019e-6860-4c89-a406-2bb801d72ba0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
index 84726496fe..7bee296570 100644
--- a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
+++ b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bbd3f630-022b-47ce-a2a9-7f5671359169",
+    "id": "bundle--3edfeaa2-f972-4e01-9441-4b36b3ef28ea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
index 365ce48a73..b012e1f26b 100644
--- a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
+++ b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a7011c0-c5cf-4aa7-9652-495ad809349b",
+    "id": "bundle--062470c8-a31a-4183-901a-45d685404979",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
index 399548679b..20c7ead342 100644
--- a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
+++ b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6487d3de-8e1b-411a-86e2-bb0be5306dd3",
+    "id": "bundle--33c1d4c8-9f51-482e-9d44-4a80d1f17abd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
index 788c011916..61d9de34d4 100644
--- a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
+++ b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb2308c0-ac8f-4c4c-bd9e-a34df303489a",
+    "id": "bundle--94df2d37-6456-49a2-ace2-9683d0fd7345",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
index 8ee39147f6..b225116e8f 100644
--- a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
+++ b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b57475ea-50b9-43b4-a150-b91d4979498d",
+    "id": "bundle--61ceb2c7-7d85-45e5-8f86-4fcb256cdb12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
index 4f623b40ec..83853b65b7 100644
--- a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
+++ b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84a72a71-e4b7-4121-8ade-986fc0fcadd9",
+    "id": "bundle--0ae429c5-b2b3-4dd6-ab62-eb1e162318e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
index 7d9fbecff8..baaf0b5f09 100644
--- a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
+++ b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2dcbd6ba-ccd9-4cb6-9053-4eee9621398f",
+    "id": "bundle--d035a907-d888-4909-84e1-56be02857455",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
index 3a7e217d42..3316ebf0fa 100644
--- a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
+++ b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--230e6ae1-d1cc-42be-885e-6deff798a719",
+    "id": "bundle--568445c5-ba3f-42f5-a61b-2b6c1b80db71",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
index c36450406a..d7f75b2394 100644
--- a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
+++ b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d64c473f-4fe0-4fbc-8b32-fd2fb89560f5",
+    "id": "bundle--6fdf805c-cb19-4939-ba96-f302d0e85d6f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
index c232445dc6..5f10c38a0a 100644
--- a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
+++ b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--62dcbbf5-164f-49c3-8772-76a067243b9d",
+    "id": "bundle--4e6d1181-2e52-485d-aafa-f1e74094a0b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
index b9f3d8fe17..91eb89fae3 100644
--- a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
+++ b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d1f6ce0d-cc4f-4482-9e34-46decb43477b",
+    "id": "bundle--8068635a-ed0d-4cde-9d3d-2fd70e2e5ce7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
index e1937260b8..bce0835306 100644
--- a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
+++ b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52da02ff-7071-4471-b9dd-a6e63f54276a",
+    "id": "bundle--f6bed46f-8959-4b91-a8ed-930e091cc3b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
index 21692ac04a..eba4e12901 100644
--- a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
+++ b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--656675d8-5e83-4760-beba-3db46032cd08",
+    "id": "bundle--db7b04e7-f6a0-4222-b056-a78f6b3e4cfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
index c1d864cd35..90dd5dba8a 100644
--- a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
+++ b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8bb72160-b088-4c1d-bea1-04e5c4473449",
+    "id": "bundle--50d98910-a2ca-4905-b12a-dc19838f39fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
index 4b6c4e494f..fce22b1cea 100644
--- a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
+++ b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f04b72ec-459c-4925-8ab1-13b8077819e2",
+    "id": "bundle--a7defb13-9aec-42b0-bc62-24ee9bf251a7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
index a424cb0f24..bc832a2e54 100644
--- a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
+++ b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ae4a21da-f32c-4e74-9287-cfa9738e0b32",
+    "id": "bundle--5f94a680-b843-471f-9c9c-a8d41e9a4245",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
index 88e210b6d5..2fdb7941a6 100644
--- a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
+++ b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c79aba16-a3cb-499a-a55b-54ff1b9f6173",
+    "id": "bundle--8c094989-32f9-4ebe-bcde-f2db23e919ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json b/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json
index 46256caaa2..19f37ccf31 100644
--- a/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json
+++ b/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a9b12d1b-76b1-4ebe-b3a1-ccad6f91ebb4",
+    "id": "bundle--b8248a25-a1fe-45d7-a32c-0b130c873e58",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
index cb35261415..6313c0999b 100644
--- a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
+++ b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5623511-4bcc-4b83-a3ad-7085918eb43e",
+    "id": "bundle--c5127a3a-708d-467f-9759-2a60ec9bc2dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
index 5dcc2c3962..f6c3e6f08d 100644
--- a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
+++ b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6426aa7a-c55c-4bc8-b67d-848564d2817d",
+    "id": "bundle--36b2624e-e050-438d-bc53-e3909dd8c1b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
index 4418dfccc5..89dc5d594e 100644
--- a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
+++ b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b03c9e9-289e-4849-8ff4-c0247da42ef8",
+    "id": "bundle--3cf2da12-04c0-44cc-877c-e1ee509631c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
index c57b249f68..d7c985cd81 100644
--- a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
+++ b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16ef0a29-bd33-4246-8d86-4f8907cac5b9",
+    "id": "bundle--e4f81d96-b564-4651-a405-e3d881295b08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
index feccd7342b..863940ea54 100644
--- a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
+++ b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5862a0c5-059c-44a4-997f-d4f7bf939c0f",
+    "id": "bundle--891abd3a-ef78-425c-afa8-467e169c6334",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
index 7dbf62ab95..530aaf65f6 100644
--- a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
+++ b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bca60d12-0f38-4c7d-97e3-a1fb493b2ec6",
+    "id": "bundle--96119e33-cae1-49ae-9909-8352cafa11cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
index b5e3d8c50d..04b74f68d0 100644
--- a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
+++ b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3adeb086-85e5-4ca2-9075-4686ebde5d9a",
+    "id": "bundle--ef95d125-49e0-497a-8da3-4fb05fd50782",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
index 47407b4e6a..5dbbf90752 100644
--- a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
+++ b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5482dfb5-1975-4cdc-bab1-54ddbc861eec",
+    "id": "bundle--a831de87-12ec-420b-afbe-34ed0f3b271c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
index 85c4c7af43..897e46bd73 100644
--- a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
+++ b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c43e072d-2596-4dd6-92c4-2f4b6cb7f695",
+    "id": "bundle--214da390-f24d-49cf-9fd9-cdbbb21ffb9a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json b/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json
index 942c4e08a3..5af8cd710e 100644
--- a/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json
+++ b/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b1f70c1-cb5a-4f27-a415-1e5ef5c371e8",
+    "id": "bundle--912a39c2-3745-4ee9-a785-48f50bc6f67a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
index 1aec6d2dda..12abe47795 100644
--- a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
+++ b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1d527ab1-d0fb-4a86-a3d0-136ba50c587f",
+    "id": "bundle--80900544-0db5-49f8-93ae-b55f51ef2857",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
index 199bf26d39..7a2ae16882 100644
--- a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
+++ b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ee9cff7-3a62-406b-a2fa-08de4666cf64",
+    "id": "bundle--c425f8c2-81a7-4a32-ad1a-b0aa254b2a63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
index b379147ff3..503b886d05 100644
--- a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
+++ b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ae8186b-daa9-44d9-b145-815227431797",
+    "id": "bundle--901aeb88-7782-44de-bd8e-e037b0b9e31e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
index 997ba60e9e..67825a862b 100644
--- a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
+++ b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35c92d39-4d42-4dd6-8427-0647f06e2134",
+    "id": "bundle--38a2f7aa-63c9-4826-acb9-ca14e9dc0a0f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
index 3d78c4ed6f..2909f49509 100644
--- a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
+++ b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ff09465-61eb-4d20-8f0f-92717f6bdfe9",
+    "id": "bundle--1a0a7a55-92dd-4a22-958c-67895909c532",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json b/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json
index eaa195a7eb..40949a2fda 100644
--- a/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json
+++ b/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--60762e3c-c579-4baf-b1f4-e918782ddffe",
+    "id": "bundle--88766868-8743-4f63-9ebc-2b700500db46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
index 38f0cce506..542ecb8b41 100644
--- a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
+++ b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c0e92ec-98c5-4ebd-ab81-8ef2dba9b339",
+    "id": "bundle--c4fed240-1a26-498f-a99d-262b353e498a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
index ed6a368dc0..d9987aa324 100644
--- a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
+++ b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40f4b132-a902-4886-9594-700eabd942c5",
+    "id": "bundle--a575a2cd-8a18-4760-9605-4012abb89a98",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
index 45f2de4b45..f640d09b37 100644
--- a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
+++ b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
@@ -1,11 +1,11 @@
 {
     "type": "bundle",
-    "id": "bundle--c9f69b17-956f-4c27-bd6e-0f7a0a44c002",
+    "id": "bundle--4523d20e-c390-45e6-81df-70917688e607",
     "spec_version": "2.0",
     "objects": [
         {
             "definition": {
-                "statement": "Copyright 2015-2022, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation."
+                "statement": "Copyright 2015-2023, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation."
             },
             "id": "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168",
             "type": "marking-definition",
diff --git a/mobile-attack/mobile-attack.json b/mobile-attack/mobile-attack.json
index f44b46c8d5..33bd6ad674 100644
--- a/mobile-attack/mobile-attack.json
+++ b/mobile-attack/mobile-attack.json
@@ -1,6 +1,6 @@
 {
   "type": "bundle",
-  "id": "bundle--83885769-b47c-407b-83be-625d5420172c",
+  "id": "bundle--eb94af3a-7838-4380-9f08-5d9142bc7b40",
   "objects": [
     {
       "tactic_refs": [
@@ -14088,133 +14088,142 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531",
       "type": "relationship",
-      "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330",
-      "created": "2022-04-01T15:01:53.321Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.",
-      "modified": "2022-04-01T15:01:53.321Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e",
-      "created": "2023-03-16T18:26:45.940Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:26:45.940Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f",
-      "created": "2022-04-05T20:11:35.619Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. ",
-      "modified": "2022-04-05T20:11:35.619Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--97408547-bacd-4308-a8be-556e9ff04951",
-      "created": "2023-03-20T18:55:23.628Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:55:23.628Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059",
-      "created": "2023-03-20T18:51:23.032Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:23.032Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257",
-      "type": "relationship",
-      "created": "2020-10-29T17:48:27.469Z",
+      "created": "2019-08-07T15:57:13.417Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
         }
       ],
-      "modified": "2020-10-29T17:48:27.469Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)",
+      "modified": "2019-09-15T15:36:42.340Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)",
       "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090",
-      "created": "2023-03-20T18:58:30.773Z",
+      "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510",
+      "created": "2019-10-07T16:32:27.127Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T16:55:21.480Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.508Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9",
+      "created": "2021-10-01T14:42:49.170Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:26:02.260Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc",
+      "created": "2023-03-20T18:37:57.767Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:58:30.773Z",
+      "modified": "2023-03-20T18:37:57.767Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -14225,9 +14234,55 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0",
+      "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223",
       "type": "relationship",
-      "created": "2020-04-24T15:12:11.185Z",
+      "created": "2020-11-20T16:37:28.610Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.610Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.885Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.885Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.503Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -14236,238 +14291,81 @@
           "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
         }
       ],
-      "modified": "2020-04-24T15:12:11.185Z",
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2020-04-24T15:06:33.503Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)",
       "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1",
-      "created": "2023-01-18T19:13:15.991Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:11:24.686Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) has code to use Firebase Cloud Messaging for receiving C2 instructions.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.780Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
       "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0",
+      "created": "2023-02-28T20:30:01.082Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:24:55.047Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)",
+      "modified": "2023-03-31T22:08:11.662Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can retrieve the contacts list from an infected device.(Citation: proofpoint_flubot_0421)",
       "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:23:04.150Z",
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8",
-      "created": "2019-11-21T16:42:48.437Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:22:18.013Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:24:38.256Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651",
-      "created": "2023-04-11T19:54:52.711Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cleafy_sova_1122",
-          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
-          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-11T19:54:52.711Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can programmatically tap the screen or swipe.(Citation: cleafy_sova_1122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3",
-      "created": "2020-07-20T13:27:33.486Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:54:25.851Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f",
+      "created": "2022-04-01T18:52:13.171Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
+      "modified": "2022-04-01T18:52:13.171Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a",
+      "created": "2020-01-27T17:05:58.265Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:27:51.998Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -14476,833 +14374,34 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64",
       "type": "relationship",
-      "created": "2019-11-21T16:42:48.495Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2019-11-21T16:42:48.495Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8",
-      "created": "2022-04-15T15:57:32.958Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010",
+      "created": "2022-03-30T18:18:15.915Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
       "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:21:49.009Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "description": "",
+      "modified": "2022-03-30T18:18:15.915Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
       "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d",
-      "created": "2022-04-01T17:06:06.950Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ",
-      "modified": "2022-04-01T17:06:06.950Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.593Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.593Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.617Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.617Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.624Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.624Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2",
-      "created": "2023-03-20T18:48:39.857Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:48:39.857Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.217Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.305Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. [Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Gooligan Citation",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
-        }
-      ],
-      "modified": "2019-10-10T15:18:51.154Z",
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.448Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-15T19:56:50.651Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:22:32.033Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.351Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.351Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e",
-      "created": "2022-03-28T19:40:40.860Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:40:40.860Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a",
-      "created": "2020-12-24T21:55:56.691Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:38:17.926Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:00:45.438Z",
-      "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca",
-      "created": "2019-09-03T19:45:48.510Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:10:15.827Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--09c6bbd4-9058-4657-9d8e-656439637ac6",
-      "created": "2023-03-16T18:32:47.895Z",
+      "id": "relationship--8c7598a6-6046-491d-99a7-52c31974a9a9",
+      "created": "2023-03-20T18:57:40.504Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-16T18:32:47.895Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.975Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-10-14T17:51:38.054Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.035Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        },
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.035Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d",
-      "created": "2019-09-04T15:38:56.883Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:18:38.582Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348",
-      "created": "2022-04-20T17:42:11.714Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "url": "https://www.wandera.com/reddrop-malware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:40:15.440Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415",
-      "created": "2022-03-30T14:50:07.291Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect unauthorized operating system modifications.",
-      "modified": "2022-03-30T14:50:07.291Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.296Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.900Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.900Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91",
-      "created": "2020-12-18T20:14:47.369Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:48:00.045Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.021Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.512Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2",
-      "created": "2023-03-20T18:51:44.864Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:44.864Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee",
-      "created": "2020-11-24T17:55:12.895Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.407Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.407Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2",
-      "created": "2023-03-20T18:59:57.364Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:59:57.364Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-10-15T19:44:36.125Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50",
-      "created": "2020-06-26T15:32:25.025Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:52:43.629Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97",
-      "created": "2023-02-06T19:06:37.359Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:06:37.359Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can receive files from the C2 at runtime.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ed7e9368-004c-484f-9eed-03b158325564",
-      "created": "2023-03-20T18:54:40.401Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:54:40.401Z",
+      "modified": "2023-03-20T18:57:40.504Z",
       "description": "",
       "relationship_type": "detects",
       "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -15313,243 +14412,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02",
       "type": "relationship",
-      "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9",
-      "created": "2022-04-01T18:43:01.860Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-01T18:43:01.860Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56",
-      "created": "2020-06-26T15:32:25.045Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:27:05.040Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.495Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9",
-      "created": "2020-04-08T15:51:25.149Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:30:28.587Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.495Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.495Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7",
-      "created": "2022-04-15T16:00:43.483Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:52:33.829Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443",
-      "created": "2020-07-20T13:49:03.676Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "modified": "2022-04-20T17:58:16.567Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.903Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.903Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678",
-      "type": "relationship",
-      "created": "2021-09-20T13:59:00.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2021-09-20T13:59:00.498Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133",
-      "created": "2022-03-30T20:31:41.927Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
-      "modified": "2022-03-30T20:31:41.927Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.397Z",
+      "created": "2020-12-17T20:15:22.452Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -15558,588 +14423,35 @@
           "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
         }
       ],
-      "modified": "2020-12-17T20:15:22.397Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)",
+      "modified": "2020-12-17T20:15:22.452Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)",
       "relationship_type": "uses",
       "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.062Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.062Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f",
-      "created": "2020-06-24T18:24:35.707Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:30:27.616Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.495Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.495Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14",
-      "created": "2020-06-26T15:32:25.043Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:53:04.417Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.451Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.451Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f",
-      "created": "2022-04-01T12:50:48.459Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T12:50:48.459Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a",
-      "created": "2022-04-01T14:51:51.593Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ",
-      "modified": "2022-04-01T14:51:51.593Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c",
-      "type": "relationship",
-      "created": "2020-01-21T15:29:27.041Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2020-01-21T15:29:27.041Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.229Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.229Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-WireLurker",
-          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)",
-      "relationship_type": "uses",
-      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394",
-      "created": "2021-02-08T16:36:20.639Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:07:15.780Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:34:25.318Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.210Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c",
-      "type": "relationship",
-      "created": "2019-07-16T14:33:12.117Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "modified": "2020-04-27T16:52:49.643Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e",
-      "created": "2021-02-08T16:36:20.630Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:06:00.885Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9",
-      "created": "2022-04-05T19:52:32.201Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:52:32.201Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41",
-      "created": "2020-12-14T15:02:35.208Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:08:11.798Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--17558571-7352-470b-b728-0511fb3f699d",
-      "type": "relationship",
-      "created": "2019-10-18T15:51:48.484Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:02:13.534Z",
-      "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf",
-      "created": "2023-03-20T15:46:49.646Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:46:49.646Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Xiao-ZergHelper",
-          "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73",
-      "created": "2020-12-31T18:25:05.162Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:22:53.698Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055",
-      "created": "2020-01-27T17:05:58.310Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:28:20.439Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.459Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.516Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.133Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.133Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c",
-      "created": "2019-09-03T20:08:00.687Z",
+      "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60",
+      "created": "2020-11-24T17:55:12.828Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Talos Gustuff Apr 2019",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:31:38.319Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ",
+      "modified": "2023-04-05T17:21:27.210Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)",
       "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -16147,43 +14459,24 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d",
-      "created": "2023-03-20T15:55:09.279Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:55:09.279Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37",
-      "created": "2020-01-27T17:05:58.263Z",
+      "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8",
+      "created": "2019-09-04T14:28:15.970Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:28:34.373Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2023-04-05T19:52:44.819Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -16194,155 +14487,71 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf",
+      "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f",
       "type": "relationship",
-      "created": "2021-10-01T14:42:48.900Z",
+      "created": "2020-12-24T22:04:28.002Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2021-10-01T14:42:48.900Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)",
+      "modified": "2020-12-24T22:04:28.002Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.597Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "source_name": "FortiGuard-FlexiSpy"
-        }
-      ],
-      "modified": "2019-09-10T14:59:25.979Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.941Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.589Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000",
-      "created": "2022-03-30T15:13:42.462Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T15:13:42.462Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.257Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.257Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
       "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b",
       "type": "relationship",
-      "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf",
-      "created": "2020-09-24T15:34:51.213Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "modified": "2020-07-20T13:49:03.710Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a8565c17-7054-4d3f-bca5-6e17dc931491",
+      "created": "2023-03-03T16:20:08.033Z",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:49:32.064Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)",
+      "modified": "2023-03-03T16:20:08.033Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used private APIs to download and install other pieces of itself, as well as other malicious apps. (Citation: paloalto_yispecter_1015)",
       "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
+      "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0",
-      "created": "2022-04-01T16:52:03.322Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T16:52:03.322Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
-      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -16350,19 +14559,23 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45",
       "type": "relationship",
-      "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e",
-      "created": "2022-04-08T16:29:30.371Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-08T16:29:30.371Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -16396,49 +14609,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072",
-      "created": "2021-10-01T14:42:49.171Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-18T19:01:58.546Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070",
-      "created": "2022-04-15T17:18:44.185Z",
+      "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c",
+      "created": "2022-04-06T15:52:07.805Z",
       "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:18:44.185Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "description": "",
+      "modified": "2022-04-06T15:52:07.805Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -16447,14 +14627,15 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c",
+      "id": "relationship--17558571-7352-470b-b728-0511fb3f699d",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2019-10-18T15:51:48.484Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "modified": "2020-06-24T15:02:13.534Z",
+      "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -16462,51 +14643,150 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223",
       "type": "relationship",
-      "created": "2020-11-20T16:37:28.610Z",
+      "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865",
+      "created": "2022-04-06T15:50:42.481Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:50:42.481Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78",
+      "type": "relationship",
+      "created": "2019-10-10T15:17:00.972Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "source_name": "FlexiSpy-Features"
         }
       ],
-      "modified": "2020-11-20T16:37:28.610Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)",
+      "modified": "2019-10-14T18:08:28.666Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402",
-      "created": "2021-10-01T14:42:49.178Z",
+      "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060",
+      "created": "2020-04-24T17:46:31.574Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "SecureList BusyGasper",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+          "source_name": "SecurityIntelligence TrickMo",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:25:39.509Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)",
+      "modified": "2023-04-05T17:44:13.361Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)",
       "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea",
+      "created": "2022-03-30T19:32:43.015Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.",
+      "modified": "2022-03-30T19:32:43.015Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a",
+      "created": "2020-07-27T14:14:56.996Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:19:00.199Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd",
+      "created": "2023-03-20T15:40:11.819Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:40:11.819Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276",
+      "type": "relationship",
+      "created": "2021-09-24T14:47:34.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-04T20:08:48.556Z",
+      "description": "Mobile security products can often detect rooted devices.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -16531,8 +14811,323 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645",
       "type": "relationship",
-      "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33",
+      "created": "2021-02-08T16:36:20.655Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.410Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a",
+      "created": "2022-04-01T12:49:32.365Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ",
+      "modified": "2022-04-01T12:49:32.365Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798",
+      "type": "relationship",
+      "created": "2020-10-29T19:01:13.854Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Microsoft MalLockerB",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T19:01:13.854Z",
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38",
+      "type": "relationship",
+      "created": "2020-05-11T16:37:36.616Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
+        }
+      ],
+      "modified": "2020-05-11T16:37:36.616Z",
+      "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41",
+      "created": "2020-12-14T15:02:35.208Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:08:11.798Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce",
+      "created": "2021-01-05T20:16:20.412Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:45:54.913Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6",
+      "created": "2022-03-30T15:18:21.256Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T15:18:21.256Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.699Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.839Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.514Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.514Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73",
+      "created": "2020-12-31T18:25:05.162Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:22:53.698Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15",
+      "created": "2022-03-30T14:42:27.821Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:42:27.821Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Xiao-ZergHelper",
+          "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.941Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.589Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d",
+      "created": "2022-04-01T13:26:39.773Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ",
+      "modified": "2022-04-01T13:26:39.773Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
@@ -16546,541 +15141,23 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T19:53:38.161Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2023-04-05T20:29:18.098Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)",
       "relationship_type": "uses",
       "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d",
-      "created": "2020-12-24T21:45:56.969Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:15:05.454Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "type": "relationship",
-      "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e",
-      "created": "2020-04-08T15:51:25.122Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:29:51.699Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80",
       "type": "relationship",
-      "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd",
-      "created": "2022-04-01T15:02:43.475Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:02:43.475Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb",
-      "created": "2020-09-11T16:22:03.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:58:57.686Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f857935b-653a-4b9a-a2dc-59c042059a39",
-      "created": "2023-03-20T15:56:04.673Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:56:04.673Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57",
-      "type": "relationship",
-      "created": "2020-04-08T15:51:25.120Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:51:25.120Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-Skygofree",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b",
-      "created": "2019-07-10T15:35:43.704Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:41:13.182Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.207Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.207Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:23:38.651Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4b7e117b-0c82-49d0-bee6-119158b3355b",
-      "created": "2023-02-28T20:32:37.800Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T20:32:50.168Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can disable Google Play Protect to prevent detection.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d",
-      "created": "2023-03-15T16:34:51.794Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:34:51.794Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de",
-      "created": "2023-03-20T15:57:00.953Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:57:00.953Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a",
-      "created": "2023-03-20T18:53:52.174Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:53:52.174Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.454Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.454Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b19082d2-c151-45dd-8844-82335fbe3ed9",
-      "created": "2023-02-28T21:43:54.880Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:43:54.880Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can send text messages.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e245e45a-71a8-408d-8f32-7b7337bffc26",
-      "created": "2023-01-18T19:19:58.007Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:10:23.208Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can hide its application icon.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe",
-      "created": "2017-10-25T14:48:53.746Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ",
-      "modified": "2022-03-30T20:07:33.678Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b",
-      "created": "2023-02-28T20:31:03.379Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        },
-        {
-          "source_name": "bitdefender_flubot_0524",
-          "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. Retrieved February 28, 2023.",
-          "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:06:56.734Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can send SMS phishing messages to other contacts on an infected device.(Citation: proofpoint_flubot_0421)(Citation: bitdefender_flubot_0524)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.456Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "source_name": "SecureList - ViceLeaker 2019"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "modified": "2020-01-21T14:20:50.455Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6",
-      "created": "2022-04-01T15:16:53.239Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:16:53.239Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.786Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.139Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3f81a680-3151-4608-b83f-550756632013",
-      "type": "relationship",
-      "created": "2020-07-20T13:58:53.604Z",
+      "created": "2020-07-20T13:49:03.692Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -17089,332 +15166,11 @@
           "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
         }
       ],
-      "modified": "2020-09-24T15:12:24.301Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "modified": "2020-09-24T15:12:24.191Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)",
       "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c",
-      "created": "2022-04-01T18:52:02.211Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught the dangers of rooting or jailbreaking their device.",
-      "modified": "2022-04-01T18:52:02.211Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349",
-      "created": "2020-10-29T19:01:13.826Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Microsoft MalLockerB",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:44:31.187Z",
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. (Citation: Microsoft MalLockerB)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-10-15T19:27:27.997Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.173Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5d37400f-80f9-4500-9357-185650e5a7b2",
-      "created": "2023-02-06T18:54:13.573Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:14:02.866Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use HTTP to communicate with the C2 server.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987",
-      "created": "2022-04-01T18:43:15.716Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
-      "modified": "2022-04-01T18:43:15.716Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2",
-      "created": "2023-03-20T15:28:54.837Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:28:54.837Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc",
-      "created": "2019-09-04T14:28:15.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:19:04.639Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.888Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.888Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71",
-      "created": "2022-04-18T15:49:00.561Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-18T15:49:00.561Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.010Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.010Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c",
-      "created": "2022-04-01T18:51:44.595Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
-      "modified": "2022-04-01T18:51:44.595Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--848581bc-bf8f-40e2-871e-cd67042b4adf",
-      "created": "2023-01-18T19:14:40.120Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:59:26.448Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use overlays to steal user banking credentials entered into legitimate sites.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072",
-      "type": "relationship",
-      "created": "2020-09-11T15:14:34.064Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SMS KitKat",
-          "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html",
-          "description": "S.Main, D. Braun. (2013, October 14).  Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-10-22T17:04:15.708Z",
-      "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -17442,45 +15198,26 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27",
-      "created": "2022-03-30T15:08:28.814Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect unauthorized operating system modifications. ",
-      "modified": "2022-03-30T15:08:28.814Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0",
-      "created": "2019-09-04T15:38:56.702Z",
+      "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e",
+      "created": "2021-02-08T16:36:20.630Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "FortiGuard-FlexiSpy",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+          "source_name": "BlackBerry Bahamut",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:48:30.652Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)",
+      "modified": "2023-04-05T17:06:00.885Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -17488,62 +15225,17 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06",
-      "created": "2020-09-11T16:22:03.269Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:41:00.652Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097",
-      "created": "2022-04-01T15:16:26.387Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be instructed to not open links in applications they don’t recognize.",
-      "modified": "2022-04-01T15:16:26.387Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad",
-      "created": "2023-03-20T18:55:03.385Z",
+      "id": "relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2",
+      "created": "2023-03-20T18:51:44.864Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:55:03.385Z",
+      "modified": "2023-03-20T18:51:44.864Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -17551,75 +15243,26 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014",
       "type": "relationship",
-      "created": "2019-08-05T13:22:03.917Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.873Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e",
-      "created": "2019-09-04T14:28:15.479Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae",
-      "created": "2020-12-24T22:04:27.902Z",
+      "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667",
+      "created": "2020-07-20T13:58:53.589Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:04:02.992Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2023-04-05T21:21:35.992Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)",
       "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -17627,434 +15270,65 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--12de5aeb-9427-4665-81a0-257c76d6f188",
-      "created": "2023-03-03T16:20:48.781Z",
+      "id": "relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41",
+      "created": "2023-01-18T21:43:36.398Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-03T16:20:48.781Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has replaced device apps with ones it has downloaded.(Citation: paloalto_yispecter_1015)",
+      "modified": "2023-02-21T18:44:26.569Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can download attacker-specified files.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421",
       "type": "relationship",
-      "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745",
-      "created": "2022-03-30T17:54:56.603Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T17:54:56.603Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8",
-      "created": "2022-04-01T18:49:51.050Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:49:51.050Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3",
-      "created": "2023-03-03T16:26:48.531Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:26:48.531Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected compromised device MAC addresses.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+          "source_name": "TrendMicro-DressCode",
+          "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:54:13.685Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)",
       "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a",
-      "created": "2020-06-26T14:55:13.304Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302",
-      "created": "2022-04-05T19:42:39.957Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 12 Features",
-          "url": "https://developer.android.com/about/versions/12/features",
-          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
-      "modified": "2022-04-05T19:51:47.956Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4",
-      "type": "relationship",
-      "created": "2020-04-08T15:51:25.157Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:51:25.157Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.548Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:00:43.490Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf",
-      "type": "relationship",
-      "created": "2020-09-11T15:43:49.309Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:43:49.309Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d",
-      "created": "2019-10-18T14:50:57.491Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities.",
-      "modified": "2022-03-30T15:52:58.256Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760",
-      "created": "2022-03-30T14:41:20.735Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Changes to System Broadcasts",
-          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
-          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)",
-      "modified": "2022-03-30T14:41:20.735Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a",
-      "type": "relationship",
-      "created": "2019-08-09T17:52:13.352Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.877Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf",
-      "created": "2023-03-20T18:59:14.759Z",
+      "id": "relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b",
+      "created": "2023-03-20T18:41:56.287Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:59:14.759Z",
+      "modified": "2023-03-20T18:41:56.287Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.664Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-01T19:48:44.840Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213",
-      "created": "2022-04-20T17:31:58.697Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-20T17:31:58.697Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474",
-      "created": "2020-09-15T15:18:12.428Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:45:11.727Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0",
-      "created": "2022-04-01T15:02:04.528Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Apple regularly provides security updates for known OS vulnerabilities. ",
-      "modified": "2022-04-01T15:02:04.528Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b610c587-576a-40cc-9f76-6362455c8ff4",
-      "created": "2023-03-20T18:43:01.334Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:01.334Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
       "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
@@ -18066,63 +15340,113 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d",
       "type": "relationship",
-      "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a",
-      "created": "2022-04-05T19:52:38.539Z",
-      "x_mitre_version": "0.1",
+      "created": "2020-01-21T15:30:39.335Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "CSRIC-WG1-FinalReport",
-          "description": "CSRIC-WG1-FinalReport"
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ",
-      "modified": "2022-04-05T19:52:38.539Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354",
-      "type": "relationship",
-      "created": "2021-09-20T13:42:21.104Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-09-27T18:05:43.107Z",
-      "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "modified": "2020-01-21T15:30:39.335Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd",
+      "created": "2020-06-26T14:55:13.333Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+          "source_name": "Cybereason EventBot",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T19:53:03.638Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)",
+      "modified": "2023-04-05T17:49:38.924Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)",
       "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.417Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f",
+      "created": "2022-04-01T12:50:48.459Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T12:50:48.459Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298",
+      "created": "2020-12-14T15:02:35.297Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T18:06:30.456Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -18134,24 +15458,17 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88",
-      "created": "2020-10-29T19:21:23.225Z",
+      "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3",
+      "created": "2019-10-18T15:51:48.487Z",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
+      "modified": "2022-04-05T19:42:51.306Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -18159,965 +15476,74 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87",
       "type": "relationship",
-      "created": "2020-06-26T15:12:40.098Z",
+      "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c",
+      "created": "2019-08-09T18:02:06.688Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.507Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b",
+      "created": "2022-03-30T14:08:09.882Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:08:09.882Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.820Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
         }
       ],
-      "modified": "2020-06-26T15:12:40.098Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)",
+      "modified": "2020-11-24T17:55:12.820Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)",
       "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
       "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409",
-      "created": "2020-06-26T15:32:25.146Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)",
-      "modified": "2022-04-20T16:37:46.192Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2d3198ff-a481-47ec-ae64-13d7be706929",
-      "created": "2023-02-28T21:41:47.503Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:41:47.503Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record video from the device camera.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6",
-      "created": "2022-04-05T19:54:12.660Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:54:12.660Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788",
-      "created": "2020-05-07T15:33:32.903Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:20:05.166Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.340Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T18:55:29.238Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619",
-      "created": "2023-03-20T18:44:04.803Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:44:04.803Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081",
-      "created": "2023-01-18T19:19:01.740Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:52:20.587Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use Accessibility Services to disable Google Play Protect.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd",
-      "type": "relationship",
-      "created": "2019-10-10T15:22:52.545Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
-        }
-      ],
-      "modified": "2019-10-10T15:22:52.545Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76",
-      "created": "2023-03-20T18:42:18.058Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:42:18.058Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688",
-      "created": "2020-05-07T15:33:32.910Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:19:44.427Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388",
-      "created": "2022-03-30T20:36:18.656Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. ",
-      "modified": "2022-03-30T20:36:18.656Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bc79a212-139f-4dce-be72-e90585f38f03",
-      "created": "2023-03-16T18:31:37.091Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:31:37.091Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.510Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.510Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9",
-      "created": "2023-02-28T21:42:52.037Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:25:22.438Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request location permissions.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d",
-      "created": "2019-07-10T15:25:57.585Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:39:29.860Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.142Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.142Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb",
-      "created": "2022-03-30T14:06:01.859Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T14:06:01.859Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b",
-      "created": "2022-04-06T15:51:11.939Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:51:11.939Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c89d6493-3f33-4568-ac77-ba13b206ae69",
-      "created": "2023-03-20T18:52:24.667Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:52:24.667Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5",
-      "created": "2020-04-08T15:41:19.445Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        },
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)",
-      "modified": "2022-04-20T17:57:23.327Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f",
-      "created": "2019-10-18T15:51:48.451Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ",
-      "modified": "2022-04-01T13:32:32.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--25655385-5b0d-4700-a59f-d5d043625b84",
-      "created": "2023-02-06T18:50:50.273Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:13:16.813Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use rooting exploits to silently give itself permissions or install additional malware.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-Skygofree",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:19:00.168Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f",
-      "created": "2023-02-28T20:39:57.194Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:07:21.417Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Domain Generation Algorithms to connect to the C2 server.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.324Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.324Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--60782df8-1e96-48eb-a6b7-843c94b32b59",
-      "created": "2023-02-06T19:43:17.802Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:33:52.290Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can hide its application icon.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920",
-      "created": "2022-04-05T19:46:22.326Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
-      "modified": "2022-04-05T19:46:22.326Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837",
-      "created": "2022-03-30T18:14:23.210Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
-      "modified": "2022-03-30T18:14:23.210Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--def81edd-4410-47b2-a80f-d47b3f353f54",
-      "created": "2023-03-16T18:27:42.656Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:27:42.656Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e",
-      "created": "2023-03-20T18:52:52.011Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:52:52.011Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.753Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.753Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50",
-      "type": "relationship",
-      "created": "2021-09-20T13:50:02.036Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:50:02.036Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6",
-      "created": "2023-03-16T13:31:29.822Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T13:31:29.822Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6",
-      "created": "2022-04-20T17:36:25.707Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:39:23.114Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.004Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.004Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Judy",
-          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018.",
-          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:27:20.839Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f",
-      "created": "2019-09-04T14:28:16.487Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-15T17:34:52.414Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9",
-      "created": "2022-03-30T19:50:37.739Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:50:37.739Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f",
-      "created": "2019-11-21T19:16:34.776Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:44:53.855Z",
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396",
-      "created": "2022-04-20T17:46:43.542Z",
+      "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d",
+      "created": "2019-11-21T16:42:48.493Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -19135,133 +15561,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:39:57.165Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "modified": "2023-04-05T20:12:57.861Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
       "relationship_type": "uses",
       "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc",
-      "created": "2019-09-04T15:38:56.937Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
-          "url": "https://www.flexispy.com/en/features-overview.htm"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:58:10.115Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435",
-      "created": "2022-04-05T19:51:08.770Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 12 Features",
-          "url": "https://developer.android.com/about/versions/12/features",
-          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
-      "modified": "2022-04-05T19:51:08.770Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--886849fc-f83c-4d69-b700-bfad0def765d",
-      "created": "2023-03-16T18:32:30.054Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:32:30.054Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12",
-      "created": "2019-08-09T16:14:58.367Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Capture Sensor 2019",
-          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
-          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)",
-      "modified": "2022-04-01T13:56:12.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "url": "https://www.wandera.com/reddrop-malware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:01:48.463Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
       "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -19269,26 +15572,101 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674",
       "type": "relationship",
-      "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a",
-      "created": "2020-11-20T16:37:28.475Z",
+      "created": "2020-12-24T22:04:28.025Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.025Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385",
+      "created": "2020-10-29T17:48:27.440Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97",
+      "created": "2023-02-06T19:06:37.359Z",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T19:52:20.309Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)",
+      "modified": "2023-02-06T19:06:37.359Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can receive files from the C2 at runtime.(Citation: lookout_abstractemu_1021)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941",
+      "created": "2020-07-27T14:14:56.994Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:48:16.775Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. [Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -19296,27 +15674,27 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--4e68feca-083f-40ed-88d8-2b6a3935c949",
-      "created": "2023-01-18T19:12:11.201Z",
+      "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4",
+      "created": "2021-01-05T20:16:20.507Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T17:53:38.271Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use the Android `CallScreeningService` to silently block incoming calls.(Citation: cyble_drinik_1022)",
+      "modified": "2023-04-05T21:23:12.919Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)",
       "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
+      "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -19324,367 +15702,71 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2",
+      "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b",
       "type": "relationship",
-      "created": "2020-04-24T17:46:31.586Z",
+      "created": "2020-07-20T13:27:33.549Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
         }
       ],
-      "modified": "2020-04-27T15:27:26.539Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2020-08-10T21:57:54.524Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)",
       "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
       "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53",
       "type": "relationship",
-      "created": "2020-07-15T20:20:59.318Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.318Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9",
-      "created": "2019-09-04T14:28:15.316Z",
+      "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a",
+      "created": "2019-11-21T19:16:34.796Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+          "source_name": "CheckPoint SimBad 2019",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:26:48.912Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ",
+      "modified": "2023-04-05T20:45:42.081Z",
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)",
       "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.980Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.815Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13",
-      "created": "2020-10-29T17:48:27.425Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:45:26.765Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.284Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.284Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7",
-      "created": "2022-03-31T19:53:01.320Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-31T19:53:01.320Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055",
       "type": "relationship",
+      "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-09-10T13:14:39.009Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9",
-      "created": "2022-03-30T14:26:02.359Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Changes to System Broadcasts",
-          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
-          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ",
-      "modified": "2022-03-30T14:26:02.359Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab",
-      "created": "2022-04-11T20:06:38.811Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.",
-      "modified": "2022-04-11T20:06:38.811Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-DualToy",
-          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625",
-      "created": "2022-03-31T16:33:55.074Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-31T16:33:55.074Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--dbef53a9-f9c4-4582-8e93-349ad488de12",
-      "created": "2023-02-28T21:42:06.525Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:27:42.197Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view call logs.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.286Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.286Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "source_name": "Lookout-StealthMango",
           "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2019-10-15T19:44:36.177Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)",
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T16:50:54.500Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
       "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544",
-      "created": "2020-05-04T14:04:56.184Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020.",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:03:18.675Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -19696,395 +15778,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce",
-      "created": "2022-04-01T18:42:50.381Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.",
-      "modified": "2022-04-01T18:42:50.381Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556",
-      "created": "2019-09-04T15:38:56.678Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
-          "url": "https://www.flexispy.com/en/features-overview.htm"
-        },
-        {
-          "source_name": "FortiGuard-FlexiSpy",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:44:31.870Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c",
-      "created": "2022-04-01T18:45:00.923Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.",
-      "modified": "2022-04-01T18:45:00.923Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.914Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.914Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56",
-      "created": "2020-04-24T15:06:33.455Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:10:43.246Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:24.955Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:24.955Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237",
-      "created": "2019-11-21T16:42:48.441Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:39:13.309Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9",
-      "created": "2020-07-20T13:27:33.509Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:36:07.297Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.294Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d",
-      "type": "relationship",
-      "created": "2019-08-09T18:06:11.672Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.672Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e",
-      "created": "2023-03-03T16:25:52.931Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:25:52.931Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about installed applications.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad",
-      "created": "2020-04-24T15:06:33.397Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:37:37.674Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d",
-      "created": "2020-07-15T20:20:59.380Z",
+      "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52",
+      "created": "2019-09-23T13:36:08.459Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-18T19:18:24.378Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3364dd33-c012-4aaf-852b-86e63bd724ac",
-      "created": "2023-02-06T19:38:22.312Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cleafy_sova_1122",
-          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
-          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
-        },
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-11T22:06:53.022Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather session cookies from infected devices. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also abuse Accessibility Services to steal Google Authenticator tokens.(Citation: threatfabric_sova_0921)(Citation: cleafy_sova_1122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.421Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.421Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31",
-      "created": "2022-09-29T20:11:55.474Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2022-09-30T18:39:16.003Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -20093,24 +15804,50 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175",
-      "created": "2022-03-30T15:52:09.759Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443",
+      "created": "2020-07-20T13:49:03.676Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T15:52:09.759Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "modified": "2022-04-20T17:58:16.567Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
       "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8244700e-6f96-463a-a9c3-810c489a2c60",
+      "created": "2023-03-20T15:20:24.554Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:20:24.554Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a",
-      "created": "2020-06-26T15:32:24.962Z",
+      "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50",
+      "created": "2020-06-26T15:32:25.025Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -20123,344 +15860,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:42:04.769Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)",
+      "modified": "2023-04-05T17:52:43.629Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)",
       "relationship_type": "uses",
       "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--34dd5c26-eec9-4288-8e53-677271d490b2",
-      "created": "2023-01-18T19:46:02.646Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:43:57.834Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use accessibility event logging to steal data in text fields.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d",
-      "created": "2020-09-29T13:24:15.234Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414",
-      "created": "2019-10-18T14:50:57.521Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
-      "modified": "2022-03-30T20:08:17.127Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041",
-      "type": "relationship",
-      "created": "2017-10-25T14:48:53.742Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:08:18.481Z",
-      "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.391Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.391Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.519Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.519Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.466Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.466Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9b8b51fb-c380-4516-b109-821f015506d4",
-      "created": "2023-03-20T15:40:26.994Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:40:26.994Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8",
-      "created": "2023-03-20T18:56:24.246Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:56:24.246Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2",
-      "created": "2022-04-01T13:27:29.919Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:27:29.920Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.610Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.693Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:42:14.121Z",
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8",
-      "type": "relationship",
-      "created": "2020-09-24T15:34:51.433Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "modified": "2020-09-24T15:34:51.433Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.380Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.380Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. [EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb",
-      "created": "2019-09-04T15:38:56.881Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:56:00.761Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -20469,910 +15872,8 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71",
-      "created": "2019-07-10T15:42:09.606Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:01:46.513Z",
-      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9",
-      "created": "2022-04-01T13:19:41.207Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:19:41.207Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7",
-      "created": "2023-03-20T18:55:33.546Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:55:33.546Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f",
-      "created": "2020-06-02T14:32:31.906Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)",
-      "modified": "2022-04-20T16:40:05.898Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b",
-      "created": "2021-02-17T20:49:24.542Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:22:40.300Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.382Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.382Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa",
-      "created": "2020-11-10T17:08:35.761Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:00:38.611Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545",
-      "created": "2019-09-23T13:36:08.429Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:56:23.365Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365",
-      "created": "2019-09-04T14:28:15.950Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:35:59.273Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.319Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.319Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:24:53.701Z",
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.271Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.271Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678",
-      "type": "relationship",
-      "created": "2020-09-24T15:34:51.315Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "modified": "2020-09-24T15:34:51.315Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d",
-      "created": "2020-05-04T14:04:56.179Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)",
-      "modified": "2022-04-15T17:20:54.552Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:24:32.173Z",
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33",
-      "created": "2023-03-20T19:00:09.608Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T19:00:09.608Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f",
-      "created": "2020-06-26T15:12:40.100Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:49:00.042Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69",
-      "created": "2019-10-14T19:14:18.673Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Group IB Gustuff Mar 2019",
-          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019.",
-          "url": "https://www.group-ib.com/blog/gustuff"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:32:47.359Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "modified": "2019-10-10T15:24:09.378Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3d65c2b7-c907-45e1-b942-95f7d765e749",
-      "created": "2023-03-20T18:53:34.056Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:53:34.056Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.398Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.398Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.461Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.686Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-15T15:36:42.312Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f",
-      "created": "2022-04-01T18:49:19.284Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.",
-      "modified": "2022-04-01T18:49:19.284Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228",
-      "created": "2022-04-01T18:44:46.780Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-01T18:44:46.780Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7",
-      "type": "relationship",
-      "created": "2019-03-11T15:13:40.425Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
-          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
-          "source_name": "TrendMicro-Anserver2"
-        }
-      ],
-      "modified": "2019-10-15T19:55:04.517Z",
-      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1",
-      "created": "2019-09-04T15:38:56.809Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:37:35.704Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b",
-      "created": "2022-03-30T20:48:00.360Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
-      "modified": "2022-03-30T20:48:00.360Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.157Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3",
-      "created": "2020-11-24T17:55:12.830Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:21:42.102Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.492Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-14T17:15:52.637Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724",
-      "created": "2022-04-01T15:02:21.344Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken devices. ",
-      "modified": "2022-04-01T15:02:21.344Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711",
-      "created": "2023-02-06T20:12:17.434Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:04:59.445Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_CALL_LOG` permission.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.377Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.377Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404",
-      "created": "2022-04-01T15:17:21.511Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:17:21.511Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.494Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.179Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.412Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Proofpoint-Marcher",
-          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018.",
-          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:24:29.502Z",
-      "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb",
-      "created": "2023-03-20T18:43:03.537Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:03.537Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e",
-      "created": "2020-12-14T15:02:35.291Z",
+      "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39",
+      "created": "2020-12-14T15:02:35.294Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -21385,36 +15886,339 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:25:06.012Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)",
+      "modified": "2023-04-05T20:32:42.890Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)",
       "relationship_type": "uses",
       "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d",
       "type": "relationship",
-      "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e",
-      "created": "2020-06-26T15:32:24.921Z",
+      "created": "2020-10-29T19:21:23.235Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T19:21:23.235Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. (Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.607Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.607Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8",
+      "created": "2023-01-18T19:58:00.503Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Threat Fabric Cerberus",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:50:47.973Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)",
+      "modified": "2023-03-27T18:57:14.522Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use RC4 to encrypt C2 payloads.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ee095f20-eef5-4dcc-a537-70b387592c2c",
+      "created": "2023-02-28T20:38:46.702Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "bitdefender_flubot_0524",
+          "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. Retrieved February 28, 2023.",
+          "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:15:20.089Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Accessibility Services to make removal of the malicious app difficult.(Citation: bitdefender_flubot_0524)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.427Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:42:15.628Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376",
+      "created": "2020-06-02T14:32:31.913Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:12:12.766Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112",
+      "created": "2022-04-05T19:59:03.285Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:59:03.285Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3",
+      "created": "2019-07-10T15:35:43.712Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:36:27.557Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.177Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.177Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390",
+      "type": "relationship",
+      "created": "2019-08-09T18:08:07.109Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.109Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03",
+      "type": "relationship",
+      "created": "2020-11-10T16:50:39.134Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T15:40:36.387Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). [CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--57a5ae72-6932-45e6-83f2-609943902b35",
+      "created": "2023-03-20T18:50:33.248Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:50:33.248Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.229Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.229Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3",
+      "created": "2020-12-18T20:14:47.316Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:50:29.535Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
       "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -21425,22 +16229,68 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112",
+      "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4",
       "type": "relationship",
-      "created": "2021-01-05T20:16:20.426Z",
+      "created": "2021-02-17T20:43:52.413Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
         }
       ],
-      "modified": "2021-01-05T20:16:20.426Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2021-02-17T20:43:52.413Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)",
       "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4088b31b-d542-4935-84b4-82b592159591",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-10-10T15:22:52.591Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.838Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -21449,16 +16299,851 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7",
-      "created": "2022-04-01T14:59:17.991Z",
+      "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e",
+      "created": "2022-04-01T18:42:37.987Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ",
-      "modified": "2022-04-01T14:59:17.991Z",
+      "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.",
+      "modified": "2022-04-01T18:42:37.987Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd",
+      "created": "2020-07-15T20:20:59.289Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:49:47.110Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.531Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:55:55.049Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213",
+      "created": "2023-03-20T15:32:36.972Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:32:36.972Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11",
+      "created": "2022-04-05T19:37:16.086Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:37:16.086Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6",
+      "created": "2023-02-28T20:31:55.191Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T20:31:55.191Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can access app notifications.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:27:01.081Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132",
+      "created": "2022-03-30T14:06:26.530Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
+      "modified": "2022-03-30T14:06:26.530Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--be7c3f83-b164-4d53-bfac-65f7437dabec",
+      "created": "2023-03-20T18:54:36.266Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:54:36.266Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.296Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9f83d618-a42d-4797-b9fe-030affdbd13f",
+      "created": "2023-01-18T19:46:45.399Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:49:35.020Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can hide and send SMS messages. [SharkBot](https://attack.mitre.org/software/S1055) can also change which application is the device’s default SMS handler.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632",
+      "created": "2019-08-07T15:57:13.441Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:52:06.559Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674",
+      "created": "2023-01-18T19:56:01.025Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:48:53.396Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept SMS messages.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451",
+      "type": "relationship",
+      "created": "2019-10-10T15:03:27.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-10T15:03:27.682Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.201Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-03-26T20:50:07.154Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. [GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca",
+      "created": "2020-09-11T16:22:03.285Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:50:52.737Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.333Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-03-26T20:50:07.266Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c",
+      "type": "relationship",
+      "created": "2019-09-23T13:36:08.390Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-10-14T20:49:24.646Z",
+      "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e",
+      "type": "relationship",
+      "created": "2019-07-10T15:25:57.623Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "modified": "2019-08-12T17:30:07.568Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-10-15T19:37:21.366Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348",
+      "created": "2022-04-20T17:42:11.714Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "url": "https://www.wandera.com/reddrop-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:40:15.440Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0",
+      "type": "relationship",
+      "created": "2020-04-24T15:12:11.185Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:12:11.185Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.261Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.261Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.767Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.767Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56",
+      "created": "2019-09-03T20:08:00.737Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:39:08.123Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.913Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-06T15:32:46.477Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78",
+      "created": "2020-10-29T19:21:23.215Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:03:47.434Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f",
+      "created": "2022-03-30T19:28:55.980Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.",
+      "modified": "2022-03-30T19:28:55.980Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--91a4924f-2519-4662-91f2-b7ef715a459f",
+      "created": "2023-03-20T18:59:55.756Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:59:55.756Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36",
+      "created": "2023-03-20T18:41:31.300Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:41:31.300Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35",
+      "created": "2020-09-14T13:35:45.886Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ESET-Twitoor",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:43:03.565Z",
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070",
+      "created": "2020-12-18T20:14:47.302Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-18T19:18:56.475Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af",
+      "created": "2022-04-01T15:29:36.082Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications",
+      "modified": "2022-04-01T15:29:36.082Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -21490,111 +17175,61 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273",
       "type": "relationship",
-      "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11",
-      "created": "2022-04-05T19:37:16.086Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:37:16.086Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2019-09-15T15:26:22.926Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6",
-      "created": "2023-02-28T20:31:55.191Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T20:31:55.191Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can access app notifications.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10",
-      "created": "2019-09-03T20:08:00.649Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:32:04.659Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.017Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.017Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132",
-      "created": "2022-03-30T14:06:26.530Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
-      "modified": "2022-03-30T14:06:26.530Z",
+      "modified": "2020-06-24T15:02:13.533Z",
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.501Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "source_name": "SecureList - ViceLeaker 2019"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "modified": "2020-01-21T14:20:50.492Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e",
+      "created": "2022-03-30T18:07:07.306Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
+      "modified": "2022-03-30T18:07:07.306Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -21603,29 +17238,120 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61",
+      "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c",
       "type": "relationship",
-      "created": "2020-01-27T17:05:58.201Z",
+      "created": "2019-09-04T15:38:56.946Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
         }
       ],
-      "modified": "2020-03-26T20:50:07.154Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. [GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2019-09-10T14:59:26.136Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.489Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.128Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b",
+      "created": "2022-03-30T19:28:42.179Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ",
+      "modified": "2022-03-30T19:28:42.179Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.495Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2019-11-21T16:42:48.495Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674",
-      "created": "2023-01-18T19:56:01.025Z",
+      "id": "relationship--085f8397-0233-42d7-855e-3dbd709f2eca",
+      "created": "2023-01-18T21:39:27.823Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -21638,192 +17364,14 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:48:53.396Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept SMS messages.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2023-03-27T18:30:43.093Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the Android “Direct Reply” feature to spread the malware to other devices. It can also download the full version of the malware after initial device compromise.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
       "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--681161b2-4e30-4d49-8524-6cc0d94585cb",
-      "created": "2023-03-16T13:33:26.925Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T13:33:26.925Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.642Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
       "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-10-15T19:37:21.366Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Gooligan Citation",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
-        }
-      ],
-      "modified": "2019-10-10T15:18:51.121Z",
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6",
-      "created": "2020-01-21T14:20:50.409Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020.",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:46:20.857Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467",
-      "created": "2022-04-11T20:06:56.034Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-11T20:06:56.034Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02",
-      "created": "2020-06-26T15:32:25.144Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint Cerberus",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020.",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:10:26.480Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b",
-      "created": "2023-03-20T15:56:47.307Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:56:47.307Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -21831,205 +17379,175 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630",
-      "created": "2020-07-15T20:20:59.300Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e",
-      "created": "2022-04-01T18:42:37.987Z",
+      "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b",
+      "created": "2022-04-01T15:21:35.655Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.",
-      "modified": "2022-04-01T18:42:37.987Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484",
-      "created": "2020-04-24T17:46:31.616Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809",
-      "created": "2020-01-27T17:05:58.305Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:27:33.906Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
-      "created": "2017-10-25T14:48:53.742Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
-      "modified": "2022-04-01T15:34:50.556Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956",
-      "created": "2020-11-24T17:55:12.873Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:21:56.899Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089",
-      "type": "relationship",
-      "created": "2020-04-24T15:12:11.189Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:12:11.189Z",
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4",
-      "created": "2022-04-06T15:28:20.249Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. ",
-      "modified": "2022-04-06T15:28:20.249Z",
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ",
+      "modified": "2022-04-01T15:21:35.655Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:12:22.002Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c",
       "type": "relationship",
-      "created": "2019-12-10T16:07:41.078Z",
+      "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476",
+      "created": "2022-03-31T19:51:15.415Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Package Visibility",
+          "url": "https://developer.android.com/training/package-visibility",
+          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
+      "modified": "2022-04-11T19:19:34.658Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16",
+      "created": "2022-03-30T14:43:46.034Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:43:46.034Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32",
+      "created": "2020-06-26T20:16:32.181Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:11:53.609Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--66fb8a34-9d48-4599-a56e-19b057380030",
+      "created": "2023-03-20T18:46:08.304Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:46:08.304Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc",
+      "created": "2023-03-20T18:49:38.917Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:49:38.917Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.253Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2019-12-10T16:07:41.078Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)",
+      "modified": "2020-09-14T14:13:45.253Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)",
       "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -22037,22 +17555,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9",
+      "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083",
       "type": "relationship",
-      "created": "2020-09-11T15:52:12.520Z",
+      "created": "2020-07-20T13:27:33.483Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
         }
       ],
-      "modified": "2020-09-11T15:52:12.520Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)",
+      "modified": "2020-08-10T21:57:54.688Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)",
       "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -22060,21 +17578,138 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82",
       "type": "relationship",
-      "created": "2020-09-11T16:22:03.301Z",
+      "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e",
+      "created": "2022-03-30T20:43:31.249Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:43:31.249Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545",
+      "created": "2019-09-23T13:36:08.429Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T16:56:23.365Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
         }
       ],
-      "modified": "2020-09-11T16:22:03.301Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)",
+      "modified": "2019-10-15T19:37:21.273Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe",
+      "type": "relationship",
+      "created": "2020-11-20T15:54:07.747Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T15:54:07.747Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6",
+      "created": "2023-01-19T18:07:26.323Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:13:32.345Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can utilize WebViews to display fake authentication pages that capture user credentials.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.237Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.237Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -22083,76 +17718,69 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835",
       "type": "relationship",
-      "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5",
-      "created": "2019-08-08T18:47:57.655Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android 10 Privacy Changes",
-          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
-          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ",
-      "modified": "2022-04-01T16:35:38.189Z",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--29357289-362c-447c-b387-9a38b50d7296",
-      "created": "2022-04-15T17:20:06.338Z",
-      "x_mitre_version": "0.1",
       "external_references": [
         {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        },
-        {
-          "source_name": "Check Point-Joker",
-          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
-          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)",
-      "modified": "2022-04-15T17:20:06.338Z",
+      "modified": "2019-10-15T19:54:10.285Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)",
       "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24",
       "type": "relationship",
-      "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6",
-      "created": "2022-03-30T13:48:43.977Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
-      "modified": "2022-03-30T13:48:43.977Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2020-01-27T17:05:58.267Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.267Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.547Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.547Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -22182,82 +17810,17 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb",
       "type": "relationship",
-      "created": "2020-06-26T14:55:13.261Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.261Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.443Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.526Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c00031dd-0466-4fd2-9724-ab1c04232bad",
-      "created": "2023-03-20T18:44:40.722Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:44:40.722Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b",
-      "created": "2022-03-30T14:08:09.882Z",
+      "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724",
+      "created": "2022-04-01T15:02:21.344Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:08:09.882Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "description": "Device attestation can often detect jailbroken devices. ",
+      "modified": "2022-04-01T15:02:21.344Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -22266,170 +17829,307 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3",
+      "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0",
       "type": "relationship",
-      "created": "2020-01-27T17:05:58.215Z",
+      "created": "2020-12-24T21:55:56.686Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-01-27T17:05:58.215Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2020-12-24T21:55:56.686Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-10-15T19:56:13.162Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "type": "relationship",
+      "id": "relationship--ff3aa49b-c054-44ec-89da-6c67d4995193",
+      "created": "2023-03-20T18:44:44.257Z",
+      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "modified": "2023-03-20T18:44:44.257Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
-        }
-      ],
-      "modified": "2019-10-09T14:51:42.845Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb",
+      "id": "relationship--919a13bc-74be-4660-af63-454abee92635",
       "type": "relationship",
-      "created": "2020-12-17T20:15:22.444Z",
+      "created": "2019-03-11T15:13:40.408Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
+          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
+          "source_name": "TrendMicro-Anserver2"
+        }
+      ],
+      "modified": "2019-08-05T20:05:25.571Z",
+      "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b",
+      "created": "2020-12-17T20:15:22.492Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
       "external_references": [
         {
           "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
         }
       ],
-      "modified": "2020-12-17T20:15:22.444Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)",
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:47:45.408Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)",
       "relationship_type": "uses",
       "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8c50e9e7-e13c-4814-98d0-088d73b10005",
+      "created": "2023-03-03T16:21:24.531Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:21:24.531Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has modified Safari’s default search engine, bookmarked websites, opened pages, and accessed contacts and authorization tokens of the IM program “QQ” on infected devices.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19",
+      "created": "2020-09-24T15:26:15.607Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:41:01.468Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7",
+      "created": "2022-04-01T18:45:11.299Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.",
+      "modified": "2022-04-01T18:45:11.299Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2",
-      "created": "2020-12-24T22:04:28.027Z",
+      "id": "relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb",
+      "created": "2023-02-06T19:00:42.449Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:22:43.518Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access a device's location.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.398Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.398Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.005Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:20:48.937Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ",
+      "modified": "2020-12-24T22:04:28.005Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
       "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f",
+      "created": "2022-03-30T18:14:04.881Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Symantec-iOSProfile2",
+          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
+          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
+        },
+        {
+          "source_name": "Android-TrustedCA",
+          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
+          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
+      "modified": "2022-03-30T18:14:04.881Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
       "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b",
+      "created": "2023-03-20T15:56:47.307Z",
       "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:53:41.561Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "modified": "2023-03-20T15:56:47.307Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
+      "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30",
-      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:26:35.443Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -22462,22 +18162,68 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc",
+      "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93",
       "type": "relationship",
-      "created": "2020-07-15T20:20:59.298Z",
+      "created": "2020-09-11T15:50:18.937Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
         }
       ],
-      "modified": "2020-07-15T20:20:59.298Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)",
+      "modified": "2020-09-11T15:50:18.937Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)",
       "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.295Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.295Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "modified": "2019-10-09T14:51:42.845Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -22486,9 +18232,103 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac",
-      "created": "2020-12-18T20:14:47.310Z",
+      "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59",
+      "created": "2020-11-24T18:18:33.743Z",
       "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-15T17:39:22.154Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b",
+      "created": "2023-02-06T19:47:08.535Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cleafy_sova_1122",
+          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
+          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-30T15:13:44.210Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has code to encrypt device data with AES.(Citation: cleafy_sova_1122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9",
+      "created": "2022-03-28T19:32:05.234Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
+      "modified": "2022-03-28T19:32:05.234Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.745Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.745Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "WhiteOps TERRACOTTA",
@@ -22496,41 +18336,12 @@
           "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-12-18T20:14:47.375Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)",
       "relationship_type": "uses",
       "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f",
-      "created": "2019-09-23T13:36:08.463Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:55:41.638Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -22552,32 +18363,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385",
-      "created": "2020-10-29T17:48:27.440Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "type": "relationship",
       "id": "relationship--23ecc134-0623-45ec-b8b5-52516483bda1",
@@ -22604,6 +18389,687 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469",
+      "created": "2020-04-24T15:06:33.526Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:28:18.530Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a",
+      "created": "2022-03-30T15:52:29.935Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can potentially detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T15:52:29.935Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc",
+      "created": "2023-02-06T19:41:40.104Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:35:04.072Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can silently intercept and manipulate notifications. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also inject cookies via push notifications.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.485Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.485Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99",
+      "created": "2017-10-25T14:48:53.742Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Elcomsoft-iOSRestricted",
+          "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/",
+          "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)",
+      "modified": "2022-04-01T15:35:28.360Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99",
+      "created": "2020-11-20T15:44:57.481Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:29:50.160Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost1",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/",
+          "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016."
+        },
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)",
+      "modified": "2022-04-15T15:10:16.607Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576",
+      "created": "2020-12-24T22:04:27.991Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:54:02.223Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.443Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.526Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.815Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.815Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--520c7112-9768-42c5-8917-1950efd182f9",
+      "created": "2023-02-06T19:38:45.607Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:33:30.155Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use keylogging to capture user input.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--046acda0-91de-4385-bcfb-157570d8e51d",
+      "created": "2023-03-30T15:25:00.442Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cleafy_sova_1122",
+          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
+          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-30T15:26:46.611Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can search for installed applications that match a list of targets.(Citation: cleafy_sova_1122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.304Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.304Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.631Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.741Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.058Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        },
+        {
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.058Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.499Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.499Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.548Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.548Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56",
+      "created": "2017-10-25T14:48:53.738Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ",
+      "modified": "2022-04-01T13:51:48.934Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:39:48.895Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.801Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.571Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd",
+      "created": "2022-04-01T15:03:02.553Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:03:02.553Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--eee008fa-a46f-4542-93e3-8fe5f949130f",
+      "created": "2023-01-19T18:06:57.242Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:21:37.086Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can check to see if WiFi is enabled.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.489Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.489Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:54:51.590Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837",
+      "created": "2022-03-30T18:14:23.210Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
+      "modified": "2022-03-30T18:14:23.210Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea",
+      "created": "2019-10-18T14:52:53.193Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
+      "modified": "2022-03-30T20:07:50.094Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8c034c66-18ad-4b30-9f17-ed574c10918f",
+      "created": "2023-03-20T18:56:20.203Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:56:20.203Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb",
+      "created": "2020-09-15T15:18:12.466Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:17:07.033Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "type": "relationship",
       "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76",
@@ -22630,112 +19096,21 @@
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "type": "relationship",
-      "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a",
-      "created": "2020-10-29T19:21:23.143Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:48:18.023Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.410Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.410Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd",
-      "created": "2022-04-01T15:03:02.553Z",
+      "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9",
+      "created": "2022-03-30T19:50:37.739Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-01T15:03:02.553Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.945Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.945Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f",
-      "created": "2022-03-30T19:28:55.980Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.",
-      "modified": "2022-03-30T19:28:55.980Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "modified": "2022-03-30T19:50:37.739Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -22770,15 +19145,27 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0",
+      "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd",
       "type": "relationship",
-      "created": "2019-09-15T15:32:17.563Z",
+      "created": "2020-04-08T18:55:29.205Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-07-09T14:07:02.315Z",
-      "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        },
+        {
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.565Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -22786,44 +19173,100 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37",
+      "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3",
       "type": "relationship",
-      "created": "2020-05-07T15:24:49.583Z",
+      "created": "2021-10-01T14:42:49.183Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-05-27T13:23:34.544Z",
-      "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-06T15:32:46.533Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.072Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10",
+      "created": "2019-09-03T20:08:00.649Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+          "source_name": "Talos Gustuff Apr 2019",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T19:54:51.590Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)",
+      "modified": "2023-04-05T17:32:04.659Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "url": "https://www.wandera.com/reddrop-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:01:48.463Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -22848,92 +19291,139 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea",
-      "created": "2019-10-18T14:52:53.193Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
-      "modified": "2022-03-30T20:07:50.094Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd",
-      "created": "2020-06-26T14:55:13.333Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:49:38.924Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25",
-      "type": "relationship",
-      "created": "2020-09-11T15:55:43.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2020-09-11T15:55:43.774Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ab18ee61-f94a-411c-9893-941714ce713e",
-      "created": "2023-03-20T18:44:26.642Z",
+      "id": "relationship--7793a066-d72b-4a60-9579-e16369ea7185",
+      "created": "2023-03-20T18:57:55.221Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:44:26.642Z",
+      "modified": "2023-03-20T18:57:55.221Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c",
+      "created": "2022-04-01T16:51:20.688Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should scrutinize every device administration permission request. If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.",
+      "modified": "2022-04-01T16:51:20.688Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37",
+      "type": "relationship",
+      "created": "2020-05-07T15:24:49.583Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-05-27T13:23:34.544Z",
+      "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.412Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.412Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556",
+      "created": "2019-09-04T15:38:56.678Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
+          "url": "https://www.flexispy.com/en/features-overview.htm"
+        },
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:44:31.870Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:53:41.561Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -22980,6 +19470,124 @@
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:17:53.923Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.215Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.215Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.444Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.444Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.301Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.301Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
+        }
+      ],
+      "modified": "2019-10-14T18:08:28.599Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. [FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -23003,6 +19611,77 @@
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956",
+      "created": "2020-11-24T17:55:12.873Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:21:56.899Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2",
+      "created": "2020-12-24T22:04:28.027Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:20:48.937Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c00031dd-0466-4fd2-9724-ab1c04232bad",
+      "created": "2023-03-20T18:44:40.722Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:44:40.722Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -23024,222 +19703,17 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:39:48.895Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.767Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.767Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-DressCode",
-          "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a",
-      "created": "2022-04-01T12:49:32.365Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ",
-      "modified": "2022-04-01T12:49:32.365Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.304Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.304Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.524Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.524Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112",
-      "created": "2022-04-05T19:59:03.285Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:59:03.285Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.339Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.339Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--79ef0025-3e1c-4914-9873-19808c2a5bec",
-      "created": "2023-02-28T21:44:22.373Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:44:22.373Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record the screen and stream the data off the device.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7793a066-d72b-4a60-9579-e16369ea7185",
-      "created": "2023-03-20T18:57:55.221Z",
+      "id": "relationship--73d22490-4043-42d7-ad25-74e4a642bf6a",
+      "created": "2023-03-20T18:41:45.186Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:57:55.221Z",
+      "modified": "2023-03-20T18:41:45.186Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -23250,69 +19724,49 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798",
+      "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7",
       "type": "relationship",
-      "created": "2020-10-29T19:01:13.854Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Microsoft MalLockerB",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
         }
       ],
-      "modified": "2020-10-29T19:01:13.854Z",
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)",
+      "modified": "2019-10-15T19:56:13.162Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)",
       "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "type": "relationship",
+      "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f",
+      "created": "2019-09-23T13:36:08.463Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2023-04-05T16:55:41.638Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.745Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.745Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -23320,24 +19774,73 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15",
-      "created": "2022-03-30T14:42:27.821Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5",
+      "created": "2019-08-08T18:47:57.655Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android 10 Privacy Changes",
+          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
+          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:42:27.821Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ",
+      "modified": "2022-04-01T16:35:38.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
       "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9",
+      "type": "relationship",
+      "created": "2020-09-11T15:52:12.520Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:52:12.520Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24",
+      "created": "2023-03-15T16:40:37.553Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:40:37.553Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8",
-      "created": "2023-01-18T19:58:00.503Z",
+      "id": "relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2",
+      "created": "2023-01-18T19:57:13.265Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -23350,169 +19853,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:57:14.522Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use RC4 to encrypt C2 payloads.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2023-03-27T18:43:35.115Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use Accessibility Services to detect which process is in the foreground.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
       "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--27050442-e578-44b7-9534-ada78824befe",
-      "created": "2023-02-06T19:45:09.612Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:45:09.612Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can intercept and read SMS messages.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:18:51.813Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d",
-      "created": "2020-06-26T14:55:13.385Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-15T17:39:39.931Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost1",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/",
-          "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016."
-        },
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)",
-      "modified": "2022-04-15T15:10:16.607Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.386Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-09-23T13:36:08.386Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc",
-      "created": "2023-02-06T19:41:40.104Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:35:04.072Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can silently intercept and manipulate notifications. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also inject cookies via push notifications.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -23522,43 +19867,103 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089",
       "type": "relationship",
-      "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99",
-      "created": "2017-10-25T14:48:53.742Z",
-      "x_mitre_version": "1.0",
+      "created": "2020-04-24T15:12:11.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Elcomsoft-iOSRestricted",
-          "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/",
-          "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018."
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
         }
       ],
+      "modified": "2020-04-24T15:12:11.189Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51",
+      "created": "2022-04-01T12:37:17.515Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)",
-      "modified": "2022-04-01T15:35:28.360Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "description": "OS feature updates often enhance security and privacy around permissions. ",
+      "modified": "2022-04-01T12:37:17.515Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "type": "relationship",
+      "id": "relationship--ab18ee61-f94a-411c-9893-941714ce713e",
+      "created": "2023-03-20T18:44:26.642Z",
+      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "type": "relationship",
-      "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c",
-      "created": "2022-04-06T15:52:07.805Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
+      "modified": "2023-03-20T18:44:26.642Z",
       "description": "",
-      "modified": "2022-04-06T15:52:07.805Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630",
+      "created": "2020-07-15T20:20:59.300Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6",
+      "created": "2022-03-30T13:48:43.977Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
+      "modified": "2022-03-30T13:48:43.977Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23567,97 +19972,42 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc",
       "type": "relationship",
-      "created": "2019-09-23T13:36:08.441Z",
+      "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388",
+      "created": "2022-03-30T20:36:18.656Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. ",
+      "modified": "2022-03-30T20:36:18.656Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-09-23T13:36:08.441Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.058Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        },
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.058Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.375Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--98ae9cb2-1141-48c6-81fd-f16adb430031",
-      "created": "2023-01-18T19:17:07.565Z",
+      "id": "relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9",
+      "created": "2023-02-28T21:42:52.037Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:07:52.850Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_EXTERNAL_STORAGE` and `WRITE_EXTERNAL_STORAGE` Android permissions.(Citation: cyble_drinik_1022)",
+      "modified": "2023-03-29T21:25:22.438Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request location permissions.(Citation: cloudmark_tanglebot_0921)",
       "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -23665,53 +20015,30 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576",
-      "created": "2020-12-24T22:04:27.991Z",
+      "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86",
+      "created": "2019-09-03T19:45:48.498Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:54:02.223Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2023-04-05T17:09:08.738Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.698Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.412Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -23735,438 +20062,7 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "type": "relationship",
-      "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9",
-      "created": "2022-03-28T19:32:05.234Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
-      "modified": "2022-03-28T19:32:05.234Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59",
-      "created": "2020-11-24T18:18:33.743Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-15T17:39:22.154Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d64c4924-76f0-4b2e-858d-b0df733334d0",
-      "created": "2023-02-06T19:03:11.265Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:23:09.430Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can modify system settings to give itself device administrator privileges.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3",
-      "created": "2020-07-15T20:20:59.287Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:53:17.865Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--eee008fa-a46f-4542-93e3-8fe5f949130f",
-      "created": "2023-01-19T18:06:57.242Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:21:37.086Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can check to see if WiFi is enabled.(Citation: trendmicro_tianyspy_0122) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4",
-      "created": "2022-09-29T21:22:06.716Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2022-09-30T18:45:10.156Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f",
-      "created": "2020-12-17T20:15:22.501Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:22:48.246Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650",
-      "created": "2019-07-10T15:35:43.663Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.295Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.295Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.413Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.413Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd",
-      "created": "2019-09-03T19:45:48.503Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:10:38.937Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94",
-      "created": "2022-04-15T17:52:24.125Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-15T17:52:24.125Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.259Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.259Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc",
-      "created": "2022-04-01T13:18:40.460Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ",
-      "modified": "2022-04-01T13:18:40.460Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b",
-      "created": "2023-02-06T19:47:08.535Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cleafy_sova_1122",
-          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
-          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-30T15:13:44.210Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has code to encrypt device data with AES.(Citation: cleafy_sova_1122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.508Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b",
-      "created": "2022-04-06T13:52:37.470Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be cautioned against granting administrative access to applications.",
-      "modified": "2022-04-06T13:52:37.470Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856",
-      "created": "2020-05-04T14:04:56.211Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020.",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:03:51.504Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218",
+      "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e",
       "type": "relationship",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -24177,61 +20073,35 @@
           "source_name": "PaloAlto-SpyDealer"
         }
       ],
-      "modified": "2019-08-09T17:56:05.686Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2019-08-09T17:56:05.642Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
       "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8",
-      "created": "2023-03-01T22:18:19.004Z",
+      "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6",
+      "created": "2020-01-21T14:20:50.409Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+          "source_name": "Bitdefender - Triout 2018",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020.",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-31T22:14:48.174Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can send contact lists to its C2 server.(Citation: proofpoint_flubot_0421)",
+      "modified": "2023-04-05T20:46:20.857Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1",
-      "created": "2019-07-10T15:35:43.661Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:32:57.154Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -24242,16 +20112,42 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f",
-      "created": "2022-04-01T18:52:13.171Z",
+      "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016",
+      "created": "2019-09-23T13:36:08.335Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01",
+      "created": "2022-03-30T14:00:45.120Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
-      "modified": "2022-04-01T18:52:13.171Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "description": "",
+      "modified": "2022-03-30T14:00:45.120Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -24260,78 +20156,99 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef",
+      "type": "relationship",
+      "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0",
+      "created": "2019-09-04T20:01:42.722Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
+      "modified": "2022-04-01T13:32:19.919Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484",
+      "created": "2020-04-24T17:46:31.616Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.340Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T18:55:29.238Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+          "source_name": "Gooligan Citation",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
         }
       ],
-      "modified": "2019-10-10T15:24:09.248Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)",
+      "modified": "2019-10-10T15:18:51.121Z",
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)",
       "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc",
-      "created": "2023-03-20T18:14:50.401Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:47:25.861Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--35927c96-7645-4ef3-b3da-e44822386a10",
-      "created": "2023-01-18T21:43:10.838Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:47:19.403Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) contains domain generation algorithms to use as backups in case the hardcoded C2 domains are unavailable.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3",
-      "type": "relationship",
+      "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
       "external_references": [
         {
           "source_name": "Lookout-PegasusAndroid",
@@ -24339,11 +20256,39 @@
           "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
         }
       ],
-      "modified": "2019-08-09T17:52:31.854Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)",
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:13:18.720Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)",
       "relationship_type": "uses",
       "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.640Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.640Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24352,69 +20297,67 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef",
-      "created": "2022-04-05T20:14:17.442Z",
+      "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467",
+      "created": "2022-04-11T20:06:56.034Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-05T20:14:17.442Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "modified": "2022-04-11T20:06:56.034Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120",
       "type": "relationship",
-      "created": "2019-07-10T15:47:19.659Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-07-16T15:35:21.086Z",
-      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b",
-      "created": "2019-11-18T14:47:25.327Z",
+      "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e",
+      "created": "2020-06-26T15:32:24.921Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Google Triada June 2019",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html"
-        },
-        {
-          "source_name": "Kaspersky Triada March 2016",
-          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.",
-          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/"
+          "source_name": "Threat Fabric Cerberus",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:19:16.331Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)",
+      "modified": "2023-04-05T20:50:47.973Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)",
       "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed",
+      "created": "2020-04-24T17:46:31.593Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:53:51.524Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -24445,73 +20388,238 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6",
-      "created": "2020-04-08T15:51:25.125Z",
+      "id": "relationship--681161b2-4e30-4d49-8524-6cc0d94585cb",
+      "created": "2023-03-16T13:33:26.925Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T13:33:26.925Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf",
+      "created": "2023-03-20T18:59:14.759Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:59:14.759Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224",
+      "type": "relationship",
+      "created": "2019-09-03T20:08:00.670Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
+        }
+      ],
+      "modified": "2019-10-10T15:19:47.960Z",
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25",
+      "type": "relationship",
+      "created": "2020-09-11T15:55:43.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2020-09-11T15:55:43.774Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb",
+      "created": "2023-03-20T18:43:03.537Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:03.537Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4",
+      "created": "2022-04-06T15:28:20.249Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. ",
+      "modified": "2022-04-06T15:28:20.249Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef",
+      "created": "2022-04-05T20:14:17.442Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:14:17.442Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.017Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.017Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.494Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.179Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "ThreatFabric Ginp",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+          "source_name": "Proofpoint-Marcher",
+          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018.",
+          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:29:22.884Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)",
+      "modified": "2023-04-05T21:24:29.502Z",
+      "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78",
-      "created": "2023-03-20T18:54:09.674Z",
-      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:54:09.674Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
+      "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3",
       "type": "relationship",
-      "id": "relationship--3857f790-6ea1-4f37-8d90-90904f175d63",
-      "created": "2023-01-18T21:37:55.717Z",
+      "created": "2020-04-24T15:06:33.510Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:48:17.771Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) has C2 commands that can uninstall the app from the infected device.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2020-04-24T15:06:33.510Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ",
       "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -24519,41 +20627,185 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01",
-      "created": "2022-03-30T14:00:45.120Z",
+      "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404",
+      "created": "2022-04-01T15:17:21.511Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-03-30T14:00:45.120Z",
+      "modified": "2022-04-01T15:17:21.511Z",
       "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1",
       "type": "relationship",
-      "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86",
-      "created": "2019-09-03T19:45:48.498Z",
+      "created": "2020-09-11T14:54:16.650Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.650Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711",
+      "created": "2023-02-06T20:12:17.434Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:09:08.738Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ",
+      "modified": "2023-03-27T18:04:59.445Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_CALL_LOG` permission.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3",
+      "created": "2023-02-06T18:50:12.251Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-14T14:40:57.100Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can check device system properties to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.377Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.377Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.822Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.822Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.492Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-14T17:15:52.637Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
       "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23",
+      "created": "2020-12-24T22:04:27.911Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:31:11.269Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -24612,54 +20864,26 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0",
       "type": "relationship",
-      "created": "2020-12-24T22:04:27.997Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.997Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484",
-      "created": "2019-09-04T15:38:56.877Z",
+      "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a",
+      "created": "2020-11-20T16:37:28.591Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
-        },
-        {
-          "source_name": "FlexiSpy-Features",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
-          "url": "https://www.flexispy.com/en/features-overview.htm"
+          "source_name": "Symantec GoldenCup",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:32:16.401Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)",
+      "modified": "2023-04-05T20:02:09.253Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -24670,81 +20894,99 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0",
-      "created": "2022-03-30T20:31:57.183Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.",
-      "modified": "2022-03-30T20:31:57.183Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e",
-      "created": "2020-12-31T18:25:05.165Z",
+      "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d",
+      "created": "2020-12-18T20:14:47.297Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ",
-      "modified": "2022-04-18T16:00:57.320Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357",
-      "created": "2019-07-10T15:25:57.572Z",
+      "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9",
+      "created": "2020-12-14T14:52:03.266Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+          "source_name": "Sophos Red Alert 2.0",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:31:46.913Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2023-04-05T21:24:07.828Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)",
       "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b",
+      "created": "2020-07-15T20:20:59.307Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf",
+      "created": "2020-06-02T14:32:31.897Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:26:52.491Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -24779,278 +21021,24 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a",
-      "created": "2020-11-20T16:37:28.591Z",
+      "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357",
+      "created": "2019-07-10T15:25:57.572Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:02:09.253Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)",
+      "modified": "2023-04-05T20:31:46.913Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9",
-      "created": "2020-04-24T17:46:31.598Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:51:43.135Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d",
-      "created": "2020-12-18T20:14:47.297Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962",
-      "created": "2019-09-23T13:36:08.456Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:58:03.072Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113",
-      "created": "2020-06-26T15:32:25.032Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b",
-      "created": "2020-07-15T20:20:59.307Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9",
-      "created": "2020-12-14T14:52:03.266Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:24:07.828Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.585Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2021-04-19T17:11:50.418Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4a408dee-07da-4855-b2ff-be512480ccb5",
-      "created": "2023-01-19T18:08:41.596Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:18:05.095Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can gather device UDIDs.(Citation: trendmicro_tianyspy_0122) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.801Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.571Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23",
-      "created": "2020-12-24T22:04:27.911Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:31:11.269Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -25061,22 +21049,14 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879",
+      "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a",
       "type": "relationship",
-      "created": "2019-09-04T14:28:16.426Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:13.000Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -25107,2061 +21087,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c",
+      "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551",
       "type": "relationship",
-      "created": "2020-12-17T20:15:22.489Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.489Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2",
-      "created": "2020-09-15T15:18:12.460Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:58:31.945Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf",
-      "created": "2020-06-02T14:32:31.897Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:26:52.491Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.913Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-06T15:32:46.477Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ee095f20-eef5-4dcc-a537-70b387592c2c",
-      "created": "2023-02-28T20:38:46.702Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "bitdefender_flubot_0524",
-          "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. Retrieved February 28, 2023.",
-          "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:15:20.089Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Accessibility Services to make removal of the malicious app difficult.(Citation: bitdefender_flubot_0524)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941",
-      "created": "2020-07-27T14:14:56.994Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:48:16.775Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. [Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78",
-      "created": "2020-10-29T19:21:23.215Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:03:47.434Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451",
-      "type": "relationship",
-      "created": "2019-10-10T15:03:27.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-10T15:03:27.682Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:13:18.720Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016",
-      "created": "2019-09-23T13:36:08.335Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56",
-      "created": "2019-09-03T20:08:00.737Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:39:08.123Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.623Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.568Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.333Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-03-26T20:50:07.266Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52",
-      "created": "2019-09-23T13:36:08.459Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.213Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.213Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.670Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-10-10T15:19:47.960Z",
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.650Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.650Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.253Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.253Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4",
-      "created": "2021-01-05T20:16:20.507Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:23:12.919Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--085f8397-0233-42d7-855e-3dbd709f2eca",
-      "created": "2023-01-18T21:39:27.823Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:30:43.093Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the Android “Direct Reply” feature to spread the malware to other devices. It can also download the full version of the malware after initial device compromise.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38",
-      "created": "2022-04-01T18:43:25.764Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
-      "modified": "2022-04-01T18:43:25.764Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0",
-      "created": "2019-09-04T20:01:42.722Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
-      "modified": "2022-04-01T13:32:19.919Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.390Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-14T20:49:24.646Z",
-      "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c",
-      "created": "2021-01-05T20:16:20.508Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:40:43.898Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6",
-      "type": "relationship",
-      "created": "2020-10-29T17:48:27.225Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T17:48:27.225Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca",
-      "created": "2020-09-11T16:22:03.285Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:50:52.737Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.296Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:27:01.081Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.640Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.640Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cea30219-a255-43ae-b731-9512c5044523",
-      "created": "2022-04-18T19:46:02.547Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-18T19:46:02.547Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.231Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.231Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd",
-      "created": "2020-07-15T20:20:59.289Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:49:47.110Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.002Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.002Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24",
-      "created": "2023-03-15T16:40:37.553Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:40:37.553Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a8565c17-7054-4d3f-bca5-6e17dc931491",
-      "created": "2023-03-03T16:20:08.033Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:20:08.033Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used private APIs to download and install other pieces of itself, as well as other malicious apps. (Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.459Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.459Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.273Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.273Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.072Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd",
-      "created": "2023-03-20T15:40:11.819Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:40:11.819Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a",
-      "created": "2019-11-21T19:16:34.796Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:45:42.081Z",
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3",
-      "created": "2019-07-10T15:35:43.712Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:36:27.557Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea",
-      "created": "2022-03-30T19:32:43.015Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.",
-      "modified": "2022-03-30T19:32:43.015Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:50:54.500Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:17:53.923Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb",
-      "created": "2020-09-15T15:18:12.466Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:17:07.033Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1",
-      "created": "2021-10-01T14:42:49.176Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-15T17:33:49.565Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9",
-      "created": "2021-10-01T14:42:49.170Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:26:02.260Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d",
-      "type": "relationship",
-      "created": "2020-10-29T19:21:23.235Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:21:23.235Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. (Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.607Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.607Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3",
-      "created": "2023-02-06T18:50:12.251Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-14T14:40:57.100Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can check device system properties to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce",
-      "created": "2021-01-05T20:16:20.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:45:54.913Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.417Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.417Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298",
-      "created": "2020-12-14T15:02:35.297Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T18:06:30.456Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51",
-      "created": "2022-04-01T12:37:17.515Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "OS feature updates often enhance security and privacy around permissions. ",
-      "modified": "2022-04-01T12:37:17.515Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3",
-      "created": "2019-10-18T15:51:48.487Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
-      "modified": "2022-04-05T19:42:51.306Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd",
-      "type": "relationship",
-      "created": "2020-04-08T18:55:29.205Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        },
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.565Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d",
-      "created": "2019-11-21T16:42:48.493Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020.",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:12:57.861Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c",
-      "created": "2019-08-09T18:02:06.688Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.507Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3",
-      "created": "2020-12-18T20:14:47.316Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:50:29.535Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d",
-      "created": "2019-07-10T15:35:43.658Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:57:40.371Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.820Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.820Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:49.183Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-06T15:32:46.533Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d",
-      "type": "relationship",
-      "created": "2020-01-21T15:30:39.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2020-01-21T15:30:39.335Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41",
-      "created": "2023-01-18T21:43:36.398Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-21T18:44:26.569Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can download attacker-specified files.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4088b31b-d542-4935-84b4-82b592159591",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-10-10T15:22:52.591Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.427Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:42:15.628Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.621Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.621Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667",
-      "created": "2020-07-20T13:58:53.589Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:21:35.992Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.549Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.524Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
-      "modified": "2019-10-15T19:54:10.285Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.025Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.025Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
-        }
-      ],
-      "modified": "2020-07-20T13:49:03.710Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d",
-      "created": "2022-04-01T13:26:39.773Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ",
-      "modified": "2022-04-01T13:26:39.773Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.485Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.485Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b",
-      "created": "2022-04-01T15:21:35.655Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ",
-      "modified": "2022-04-01T15:21:35.655Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.582Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.582Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b",
-      "created": "2022-03-30T19:28:42.179Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ",
-      "modified": "2022-03-30T19:28:42.179Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6",
-      "created": "2022-03-30T15:18:21.256Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T15:18:21.256Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b",
-      "created": "2023-03-20T18:41:56.287Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:41:56.287Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060",
-      "created": "2020-04-24T17:46:31.574Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:44:13.361Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.499Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.499Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.655Z",
+      "created": "2021-02-08T16:36:20.698Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -27170,120 +21098,10 @@
           "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
         }
       ],
-      "modified": "2021-05-24T13:16:56.410Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2021-05-24T13:16:56.412Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
       "relationship_type": "uses",
       "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.452Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.452Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2",
-      "created": "2019-09-03T20:08:00.704Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:18:58.074Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd",
-      "created": "2022-03-30T20:08:40.223Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. ",
-      "modified": "2022-03-30T20:08:40.223Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd",
-      "created": "2023-03-20T18:51:58.152Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:58.152Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.885Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.885Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -27292,10 +21110,29 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5",
       "type": "relationship",
-      "created": "2020-06-26T14:55:13.382Z",
+      "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0",
+      "created": "2022-03-30T20:31:57.183Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.",
+      "modified": "2022-03-30T20:31:57.183Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d",
+      "created": "2020-06-26T14:55:13.385Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
           "source_name": "Cybereason EventBot",
@@ -27303,873 +21140,30 @@
           "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
         }
       ],
-      "modified": "2020-06-26T14:55:13.382Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-15T17:39:39.931Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.548Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.548Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ff3aa49b-c054-44ec-89da-6c67d4995193",
-      "created": "2023-03-20T18:44:44.257Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:44:44.257Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60",
-      "created": "2020-11-24T17:55:12.828Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:21:27.210Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8",
-      "created": "2019-09-04T14:28:15.970Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:52:44.819Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469",
-      "created": "2020-04-24T15:06:33.526Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:28:18.530Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:29:18.098Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc",
-      "created": "2023-03-20T18:37:57.767Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:37:57.767Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2",
-      "created": "2023-01-18T19:57:13.265Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:43:35.115Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use Accessibility Services to detect which process is in the foreground.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.312Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.312Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.177Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.177Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376",
-      "created": "2020-06-02T14:32:31.913Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:12:12.766Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.417Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-15T15:36:42.340Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80",
-      "type": "relationship",
-      "created": "2020-07-20T13:49:03.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.191Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0",
-      "created": "2023-02-28T20:30:01.082Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:08:11.662Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can retrieve the contacts list from an infected device.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--919a13bc-74be-4660-af63-454abee92635",
-      "type": "relationship",
-      "created": "2019-03-11T15:13:40.408Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
-          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
-          "source_name": "TrendMicro-Anserver2"
-        }
-      ],
-      "modified": "2019-08-05T20:05:25.571Z",
-      "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.005Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.005Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a",
-      "created": "2020-01-27T17:05:58.265Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:27:51.998Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e",
-      "created": "2020-01-27T17:05:58.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:28:07.442Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99",
-      "created": "2020-11-20T15:44:57.481Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:29:50.160Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad",
-      "created": "2020-12-24T21:55:56.752Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:26:16.282Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476",
-      "created": "2022-03-31T19:51:15.415Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Package Visibility",
-          "url": "https://developer.android.com/training/package-visibility",
-          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
-      "modified": "2022-04-11T19:19:34.658Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083",
       "type": "relationship",
-      "created": "2020-07-20T13:27:33.483Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.688Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276",
-      "type": "relationship",
-      "created": "2021-09-24T14:47:34.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-04T20:08:48.556Z",
-      "description": "Mobile security products can often detect rooted devices.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03",
-      "created": "2020-12-24T21:45:56.962Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:14:46.472Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.267Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.267Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38",
-      "type": "relationship",
-      "created": "2020-05-11T16:37:36.616Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
-        }
-      ],
-      "modified": "2020-05-11T16:37:36.616Z",
-      "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9f83d618-a42d-4797-b9fe-030affdbd13f",
-      "created": "2023-01-18T19:46:45.399Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:49:35.020Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can hide and send SMS messages. [SharkBot](https://attack.mitre.org/software/S1055) can also change which application is the device’s default SMS handler.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a",
-      "created": "2022-03-30T15:52:29.935Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can potentially detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T15:52:29.935Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.547Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.547Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--66fb8a34-9d48-4599-a56e-19b057380030",
-      "created": "2023-03-20T18:46:08.304Z",
+      "id": "relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78",
+      "created": "2023-03-20T18:54:09.674Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:46:08.304Z",
+      "modified": "2023-03-20T18:54:09.674Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc",
-      "created": "2023-03-20T18:49:38.917Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:49:38.917Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5",
-      "created": "2022-09-30T19:23:02.689Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2022-09-30T19:23:02.689Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-10-15T19:37:21.273Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.686Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.686Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a5b37f26-7629-4195-9536-12e349e5843b",
-      "created": "2023-03-20T18:51:04.334Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:04.334Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -28180,188 +21174,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc",
       "type": "relationship",
-      "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010",
-      "created": "2022-03-30T18:18:15.915Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T18:18:15.915Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36",
-      "created": "2023-03-20T18:41:31.300Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:41:31.300Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57",
-      "created": "2020-11-24T17:55:12.826Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:22:41.797Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.501Z",
+      "created": "2019-09-23T13:36:08.441Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "source_name": "SecureList - ViceLeaker 2019"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "modified": "2020-01-21T14:20:50.492Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.237Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.237Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6",
-      "created": "2023-01-19T18:07:26.323Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:13:32.345Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can utilize WebViews to display fake authentication pages that capture user credentials.(Citation: trendmicro_tianyspy_0122) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510",
-      "created": "2019-10-07T16:32:27.127Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
           "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:55:21.480Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ",
+      "modified": "2019-09-23T13:36:08.441Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
       "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.946Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.136Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
       "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -28370,67 +21197,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5",
       "type": "relationship",
-      "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d",
-      "created": "2022-03-30T19:14:20.374Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:14:20.374Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.615Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.615Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273",
-      "type": "relationship",
-      "created": "2019-09-15T15:26:22.926Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:02:13.533Z",
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.489Z",
+      "created": "2019-09-03T19:45:48.501Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -28439,488 +21208,10 @@
           "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
         }
       ],
-      "modified": "2019-09-11T13:25:19.128Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)",
+      "modified": "2019-10-14T16:47:53.197Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
       "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8c50e9e7-e13c-4814-98d0-088d73b10005",
-      "created": "2023-03-03T16:21:24.531Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:21:24.531Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has modified Safari’s default search engine, bookmarked websites, opened pages, and accessed contacts and authorization tokens of the IM program “QQ” on infected devices.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1f8f0021-6992-476c-ba1c-232542dc1633",
-      "created": "2023-03-20T18:58:52.857Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:52.857Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32",
-      "created": "2020-06-26T20:16:32.181Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:11:53.609Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e",
-      "created": "2022-03-30T20:43:31.249Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:43:31.249Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af",
-      "created": "2022-04-01T15:29:36.082Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications",
-      "modified": "2022-04-01T15:29:36.082Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:12:22.002Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070",
-      "created": "2020-12-18T20:14:47.302Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-18T19:18:56.475Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b",
-      "created": "2020-12-17T20:15:22.492Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:47:45.408Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16",
-      "created": "2022-03-30T14:43:46.034Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:43:46.034Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.230Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.230Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--046acda0-91de-4385-bcfb-157570d8e51d",
-      "created": "2023-03-30T15:25:00.442Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cleafy_sova_1122",
-          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
-          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-30T15:26:46.611Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can search for installed applications that match a list of targets.(Citation: cleafy_sova_1122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.994Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.171Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e",
-      "created": "2022-03-30T18:07:07.306Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
-      "modified": "2022-03-30T18:07:07.306Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35",
-      "created": "2020-09-14T13:35:45.886Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:43:03.565Z",
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb",
-      "created": "2023-02-06T19:00:42.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:22:43.518Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access a device's location.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--91a4924f-2519-4662-91f2-b7ef715a459f",
-      "created": "2023-03-20T18:59:55.756Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:59:55.756Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56",
-      "created": "2017-10-25T14:48:53.738Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ",
-      "modified": "2022-04-01T13:51:48.934Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7",
-      "created": "2022-04-01T18:45:11.299Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.",
-      "modified": "2022-04-01T18:45:11.299Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.815Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.815Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19",
-      "created": "2020-09-24T15:26:15.607Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:41:01.468Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.699Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.839Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
       "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -28930,60 +21221,34 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e",
+      "created": "2020-12-31T18:25:05.165Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout-BrainTest",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ",
+      "modified": "2022-04-18T16:00:57.320Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2",
-      "created": "2020-07-15T20:20:59.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:29:29.307Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694",
+      "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112",
       "type": "relationship",
-      "created": "2021-01-05T20:16:20.514Z",
+      "created": "2021-01-05T20:16:20.426Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -28992,624 +21257,18 @@
           "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
         }
       ],
-      "modified": "2021-01-05T20:16:20.514Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2021-01-05T20:16:20.426Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)",
       "relationship_type": "uses",
       "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:34:08.372Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e",
-      "created": "2022-03-30T18:15:03.625Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T18:15:03.625Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BankInfoSecurity-BackDoor",
-          "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534",
-          "description": "Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017."
-        },
-        {
-          "source_name": "NYTimes-BackDoor",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Adups](https://attack.mitre.org/software/S0309) was pre-installed on Android devices from some vendors.(Citation: NYTimes-BackDoor)(Citation: BankInfoSecurity-BackDoor)",
-      "modified": "2022-04-19T15:46:20.166Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--08a43019-d393-451f-a23c-2dfa17ec40b2",
-      "created": "2023-01-18T19:15:24.775Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:51:07.963Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can steal incoming SMS messages and send SMS messages from compromised devices. (Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62",
-      "created": "2023-03-20T18:57:14.194Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:57:14.194Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
-      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-Xbot",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/",
-          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d",
-      "created": "2023-02-28T21:43:12.487Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:43:12.487Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can make and block phone calls.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d",
-      "type": "relationship",
-      "created": "2021-09-20T13:54:19.957Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:54:19.957Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8a255d63-a770-4b9d-911c-bd906733ceef",
-      "created": "2023-01-18T19:24:36.689Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:05:42.846Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) has C2 commands that can move the malware in and out of the foreground. (Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
       "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f",
-      "created": "2021-01-20T16:01:19.488Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Anubis",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021.",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:17:07.374Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data  to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--13aba849-5004-4457-9f3b-49e470b589e0",
-      "created": "2023-03-20T18:43:44.617Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:44.617Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-15T19:47:48.036Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549",
-      "created": "2023-03-20T18:24:56.396Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:24:56.396Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184",
-      "created": "2021-02-08T16:36:20.785Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:06:22.576Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b",
-      "created": "2023-03-20T18:59:46.622Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:59:46.622Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e012da15-7669-4764-ad9d-8a1d817bcca9",
-      "created": "2023-03-20T18:23:04.068Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:23:04.068Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b",
       "type": "relationship",
-      "created": "2020-04-08T15:41:19.321Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:50:02.057Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.875Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.875Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc",
-      "created": "2022-03-30T19:36:20.304Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
-      "modified": "2022-03-30T19:36:20.304Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86",
-      "created": "2023-03-20T15:16:43.275Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:16:43.275Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e457921c-4a0b-4d6e-92e7-553929ddf943",
-      "created": "2023-02-06T18:51:14.919Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:23:48.120Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can download and install additional malware after initial infection.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e",
-      "created": "2020-10-29T17:48:27.380Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:54:30.569Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9",
-      "created": "2021-01-05T20:16:20.500Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:27:33.948Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--dc7ef843-a073-4e23-b717-c505d4863b02",
-      "created": "2023-03-20T18:53:58.856Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:53:58.856Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c",
-      "created": "2023-01-18T21:38:58.113Z",
+      "id": "relationship--3857f790-6ea1-4f37-8d90-90904f175d63",
+      "created": "2023-01-18T21:37:55.717Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -29622,3584 +21281,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:49:16.069Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use input injection via Accessibility Services to simulate user touch inputs, prevent applications from opening, change device settings, and bypass MFA protections.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2023-03-27T18:48:17.771Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) has C2 commands that can uninstall the app from the infected device.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
       "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126",
-      "created": "2019-09-03T19:45:48.517Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:09:45.426Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd",
-      "created": "2019-08-07T15:57:13.409Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:01:31.230Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.634Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.634Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632",
-      "created": "2019-08-07T15:57:13.441Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:52:06.559Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.783Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2",
-      "created": "2019-09-04T14:28:15.482Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:28:58.447Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.838Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55",
-      "created": "2023-03-03T16:23:56.031Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:23:56.031Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected the device UUID.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a",
-      "type": "relationship",
-      "created": "2019-08-09T17:53:48.716Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.716Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-WireLurker",
-          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)",
-      "relationship_type": "uses",
-      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de",
-      "created": "2023-01-18T19:16:45.773Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:07:34.581Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) has used custom encryption to hide strings, potentially to evade antivirus products.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213",
-      "created": "2023-03-20T15:32:36.972Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:32:36.972Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775",
-      "created": "2022-04-05T20:15:43.660Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:15:43.660Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747",
-      "created": "2022-03-30T19:51:56.543Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:51:56.543Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1",
-      "type": "relationship",
-      "created": "2020-07-20T13:49:03.693Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.242Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb",
-      "created": "2022-04-06T15:41:03.981Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:41:03.981Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--be7c3f83-b164-4d53-bfac-65f7437dabec",
-      "created": "2023-03-20T18:54:36.266Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:54:36.266Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.094Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab",
-      "created": "2023-01-18T19:58:21.223Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-01-18T19:58:21.223Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) has used RSA to encrypt the symmetric encryption key used for C2 messages.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd",
-      "created": "2020-12-24T21:41:37.047Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-18T16:04:02.127Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.531Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:55:55.049Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083",
-      "created": "2020-01-27T17:05:58.331Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:39:39.589Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e928c0ce-2b98-4af5-a990-f690f4306681",
-      "created": "2023-03-20T18:43:46.070Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:46.070Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.498Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.371Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T21:00:05.246Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864",
-      "type": "relationship",
-      "created": "2020-06-26T15:12:40.077Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:12:40.077Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.405Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-28T18:47:52.600Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0",
-      "created": "2020-12-31T18:25:05.164Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "modified": "2022-04-15T15:16:53.317Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.818Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d",
-      "created": "2020-12-17T20:15:22.496Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:55:35.453Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.682Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390",
-      "type": "relationship",
-      "created": "2019-08-09T18:08:07.109Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.109Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8244700e-6f96-463a-a9c3-810c489a2c60",
-      "created": "2023-03-20T15:20:24.554Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:20:24.554Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6",
-      "created": "2021-04-26T15:33:55.905Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CitizenLab Circles",
-          "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/",
-          "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-Obad",
-          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.897Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.897Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695",
-      "type": "relationship",
-      "created": "2020-09-11T16:23:16.363Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:23:16.363Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.713Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.713Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6",
-      "created": "2022-04-01T14:59:53.782Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken devices.",
-      "modified": "2022-04-01T14:59:53.782Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--592331d2-60a7-4264-b844-fbeb89b6386c",
-      "created": "2023-03-20T18:58:56.942Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:56.942Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab",
-      "created": "2023-01-18T19:16:15.534Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:54:10.458Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use keylogging to steal user banking credentials.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca",
-      "created": "2022-04-01T13:14:43.195Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:14:43.195Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7",
-      "created": "2020-11-24T17:55:12.889Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:22:27.554Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--57a5ae72-6932-45e6-83f2-609943902b35",
-      "created": "2023-03-20T18:50:33.248Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:50:33.248Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca",
-      "created": "2022-04-06T13:22:57.754Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:22:57.754Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.748Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Adware",
-          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:26:05.199Z",
-      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:49:19.083Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.125Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.125Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ArsTechnica-HummingWhale",
-          "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/",
-          "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39",
-      "created": "2020-12-14T15:02:35.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:32:42.890Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03",
-      "type": "relationship",
-      "created": "2020-11-10T16:50:39.134Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T15:40:36.387Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). [CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47",
-      "created": "2022-04-01T17:08:41.293Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
-      "modified": "2022-04-01T17:08:41.293Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.757Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-09-15T15:35:33.380Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3565140f-1570-494d-9d6f-91c9203ece69",
-      "created": "2023-03-20T18:52:29.821Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:52:29.821Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. ",
-      "modified": "2022-03-28T19:20:30.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb",
-      "created": "2020-12-14T14:52:03.184Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.319Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.319Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5",
-      "created": "2023-03-03T16:26:20.400Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:26:20.400Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about running processes.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b",
-      "created": "2021-01-05T20:16:20.492Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:47:18.774Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be",
-      "created": "2021-02-17T20:43:52.337Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020.",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:30:32.294Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a",
-      "created": "2022-03-30T19:54:43.835Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
-      "modified": "2022-03-30T19:54:43.835Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-DualToy",
-          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.567Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.567Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31",
-      "created": "2022-04-06T13:41:17.517Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:41:17.517Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
-      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d63de13b-0253-42f4-b13d-34bccf76ad94",
-      "created": "2023-03-20T18:54:50.323Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:54:50.323Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78",
-      "type": "relationship",
-      "created": "2019-10-10T15:17:00.972Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "source_name": "FlexiSpy-Features"
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.666Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.367Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.367Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438",
-      "created": "2022-03-30T20:07:19.296Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:07:19.296Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:25:52.381Z",
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.394Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.394Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--93b6bf37-5614-4317-8ed7-42f098152c40",
-      "created": "2023-02-28T20:39:18.320Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:10:38.672Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use a SOCKS proxy to evade C2 IP detection.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733",
-      "created": "2021-10-01T14:42:49.154Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890",
-      "created": "2023-01-18T19:09:40.955Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:58:45.439Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can record the screen via the `MediaProjection` library to harvest user credentials, including biometric PINs.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.692Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.396Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-16T20:52:21.426Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57",
-      "created": "2023-03-20T18:43:49.345Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:49.345Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f",
-      "created": "2020-09-11T14:54:16.642Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:21:19.617Z",
-      "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3",
-      "created": "2023-02-28T21:44:45.063Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:26:33.166Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can use overlays to cover legitimate applications or screens.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.488Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.704Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8c7598a6-6046-491d-99a7-52c31974a9a9",
-      "created": "2023-03-20T18:57:40.504Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:57:40.504Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2",
-      "created": "2020-04-24T17:46:31.589Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:00:28.299Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024",
-      "created": "2022-04-15T18:11:06.097Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Skycure-Profiles",
-          "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016.",
-          "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:28:11.000Z",
-      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3",
-      "created": "2020-04-08T15:41:19.404Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:18:13.761Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed",
-      "created": "2019-07-10T15:35:43.668Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:55:00.294Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a",
-      "created": "2020-07-27T14:14:56.996Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:19:00.199Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2",
-      "type": "relationship",
-      "created": "2020-09-11T15:53:38.453Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "modified": "2020-09-11T15:53:38.453Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327",
-      "created": "2022-04-01T18:53:48.715Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:53:48.715Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7",
-      "created": "2023-03-15T16:26:04.949Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:26:04.949Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9",
-      "created": "2022-04-06T13:57:38.847Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:57:38.847Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865",
-      "created": "2022-04-06T15:50:42.481Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:50:42.481Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3",
-      "created": "2022-04-05T19:38:18.760Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should protect their account credentials and enable multi-factor authentication options when available. ",
-      "modified": "2022-04-05T19:38:18.760Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c",
-      "created": "2023-03-03T16:24:30.564Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:24:30.564Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hijacked normal application’s launch routines to display ads.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "modified": "2019-10-10T15:24:09.355Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.050Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.050Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.688Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.688Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364",
-      "created": "2023-02-06T19:46:19.592Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:46:19.592Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has C2 commands to add an infected device to a DDoS pool.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0291c9d5-8977-420d-8374-b786e3095a73",
-      "created": "2023-03-20T18:49:53.204Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:49:53.204Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45",
-      "created": "2023-02-06T19:47:26.528Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:47:26.528Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has been distributed in obfuscated and packed form.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d",
-      "created": "2019-09-03T19:45:48.487Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:08:39.524Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195",
-      "created": "2019-10-18T14:50:57.473Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "OS security updates typically contain exploit patches when disclosed.",
-      "modified": "2022-03-28T19:20:44.337Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33",
-      "type": "relationship",
-      "created": "2020-09-11T15:45:38.450Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:45:38.450Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.316Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.316Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:38:39.008Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.250Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.250Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f0851531-e554-4658-920c-f2342632c19a",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Adware",
-          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:38:56.380Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d",
-      "created": "2022-03-28T19:39:42.538Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:39:42.538Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016",
-      "created": "2022-04-15T18:12:53.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Xiao-KeyRaider",
-          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:28:29.839Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ed48a86f-e55f-4abf-8f18-98591b756399",
-      "created": "2023-03-03T16:19:30.443Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:19:30.443Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hidden the app icon from iOS springboard.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.503Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.503Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7",
-      "type": "relationship",
-      "created": "2019-10-15T19:33:42.204Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-Skygofree",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
-        }
-      ],
-      "modified": "2019-10-15T19:33:42.204Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.982Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.982Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e",
-      "created": "2022-04-05T17:03:34.941Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:03:34.941Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63",
-      "type": "relationship",
-      "created": "2020-05-07T15:24:49.530Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-05-27T13:23:34.536Z",
-      "description": "Security updates frequently contain patches to vulnerabilities.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.381Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-28T18:59:33.140Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408",
-      "created": "2020-06-26T14:55:13.349Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-18T15:57:14.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b",
-      "created": "2021-01-05T20:16:20.490Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:38:01.842Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7",
-      "created": "2023-01-18T19:19:34.604Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:52:35.805Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can send stolen data back to the C2 server.(Citation: cyble_drinik_1022)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c",
-      "created": "2020-12-24T21:55:56.693Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:27:39.012Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb",
-      "type": "relationship",
-      "created": "2020-10-29T19:21:23.162Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:21:23.162Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.603Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.603Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Tripwire-MazarBOT",
-          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
-          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f",
-      "created": "2022-03-28T19:25:38.355Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates may contain patches that inhibit system software compromises.",
-      "modified": "2022-03-28T19:25:38.355Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6",
-      "created": "2019-07-10T15:35:43.665Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:38:00.609Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bde9304b-4421-4185-a2c6-dabe1c080587",
-      "created": "2023-03-16T18:31:48.708Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:31:48.708Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3",
-      "created": "2020-09-15T15:18:12.462Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:42:40.327Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396",
-      "created": "2023-03-20T18:40:12.814Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:40:12.814Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd",
-      "created": "2022-04-01T18:50:00.027Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:50:00.027Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:36:27.983Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--75989cf6-c023-4ed3-9d23-a83f55690186",
-      "created": "2023-02-28T21:43:36.886Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:43:36.886Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can read incoming text messages.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.562Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "source_name": "FortiGuard-FlexiSpy"
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.500Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e",
-      "created": "2020-07-15T20:20:59.200Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:50:39.124Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39",
-      "created": "2020-06-26T14:55:13.387Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:59:55.854Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f",
-      "created": "2023-03-20T15:56:34.418Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:56:34.418Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304",
-      "type": "relationship",
-      "created": "2019-10-10T15:27:22.091Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.091Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420",
-      "type": "relationship",
-      "created": "2021-01-20T16:01:19.409Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.409Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564",
-      "created": "2020-11-10T17:08:35.771Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:00:11.412Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Tripwire-MazarBOT",
-          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016.",
-          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:27:47.788Z",
-      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328",
-      "created": "2022-03-30T19:34:09.377Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:34:09.377Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
       "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.546Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.537Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.793Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb",
-      "created": "2020-05-07T15:33:32.936Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)",
-      "modified": "2022-04-15T16:44:17.145Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd",
-      "created": "2021-02-08T16:36:20.707Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:05:01.189Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9b56528f-cf04-4d81-80ee-7bacb862383a",
-      "created": "2023-03-20T18:57:33.693Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:57:33.693Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288",
-      "created": "2020-07-15T20:20:59.291Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:38:15.470Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed",
-      "created": "2020-04-24T17:46:31.593Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:53:51.524Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.255Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.255Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106",
-      "created": "2023-03-15T16:26:38.465Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:26:38.465Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b309c25a-6baf-4874-829d-63712a38652c",
-      "created": "2023-02-06T19:02:16.194Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:21:41.461Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself camera permissions.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -33209,251 +21295,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120",
       "type": "relationship",
-      "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36",
-      "created": "2020-05-07T15:33:32.895Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f",
-      "created": "2023-03-20T15:55:32.395Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:55:32.395Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b",
-      "created": "2019-12-10T16:07:41.081Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:47:53.438Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.553Z",
+      "created": "2019-07-10T15:47:19.659Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "modified": "2020-08-10T21:57:54.518Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)",
+      "modified": "2019-07-16T15:35:21.086Z",
+      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2",
-      "created": "2022-04-08T16:29:55.322Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-08T16:29:55.322Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
-      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef",
-      "created": "2022-03-30T20:41:43.314Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
-      "modified": "2022-03-30T20:41:43.314Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:33:51.882Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429",
-      "created": "2022-04-01T18:51:28.859Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.",
-      "modified": "2022-04-01T18:51:28.859Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10",
-      "created": "2023-03-03T15:36:15.840Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T15:36:15.840Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access device call logs.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8",
-      "created": "2023-02-06T18:59:15.881Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:21:10.915Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device information such as manufacturer, model, version, serial number, and telephone number.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.822Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.822Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -33489,25 +21346,158 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
       "type": "relationship",
-      "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee",
-      "created": "2019-08-07T15:57:13.443Z",
+      "id": "relationship--cea30219-a255-43ae-b731-9512c5044523",
+      "created": "2022-04-18T19:46:02.547Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-18T19:46:02.547Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc",
+      "created": "2022-04-01T13:18:40.460Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ",
+      "modified": "2022-04-01T13:18:40.460Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.231Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.231Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113",
+      "created": "2020-06-26T15:32:25.032Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.339Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.339Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.426Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:13.000Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f",
+      "created": "2020-12-17T20:15:22.501Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Kaspersky Riltok June 2019",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/"
+          "source_name": "Palo Alto HenBox",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:30:47.506Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2023-04-05T20:22:48.246Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)",
       "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -33518,9 +21508,267 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65",
+      "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3",
       "type": "relationship",
-      "created": "2021-04-19T17:05:42.574Z",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.854Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6",
+      "created": "2022-04-05T19:54:12.660Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:54:12.660Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6",
+      "created": "2020-04-08T15:51:25.125Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:29:22.884Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94",
+      "created": "2022-04-15T17:52:24.125Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-15T17:52:24.125Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.686Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b",
+      "created": "2019-11-18T14:47:25.327Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html"
+        },
+        {
+          "source_name": "Kaspersky Triada March 2016",
+          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.",
+          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:19:16.331Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650",
+      "created": "2019-07-10T15:35:43.663Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.259Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.259Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4",
+      "created": "2022-09-29T21:22:06.716Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T18:45:10.156Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc",
+      "created": "2023-03-20T18:14:50.401Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:47:25.861Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6",
+      "type": "relationship",
+      "created": "2020-10-29T17:48:27.225Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.225Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.997Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -33529,27 +21777,13110 @@
           "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2021-04-19T17:05:42.574Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t",
+      "modified": "2020-12-24T22:04:27.997Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2d3198ff-a481-47ec-ae64-13d7be706929",
+      "created": "2023-02-28T21:41:47.503Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:41:47.503Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record video from the device camera.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2",
+      "created": "2022-04-01T13:27:29.919Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:27:29.920Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-07-16T15:35:21.063Z",
+      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1",
+      "created": "2019-07-10T15:35:43.661Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:32:57.154Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56",
+      "created": "2020-04-24T15:06:33.455Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:10:43.246Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8",
+      "created": "2023-03-20T18:56:24.246Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:56:24.246Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788",
+      "created": "2020-05-07T15:33:32.903Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:20:05.166Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3",
+      "created": "2021-02-08T16:36:20.788Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-15T17:35:26.197Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e",
+      "type": "relationship",
+      "created": "2020-01-14T17:47:08.826Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2020-01-14T17:47:08.826Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--def81edd-4410-47b2-a80f-d47b3f353f54",
+      "created": "2023-03-16T18:27:42.656Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:27:42.656Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.753Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.753Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
       "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354",
+      "type": "relationship",
+      "created": "2021-09-20T13:42:21.104Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-09-27T18:05:43.107Z",
+      "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce",
+      "created": "2022-04-01T18:42:50.381Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.",
+      "modified": "2022-04-01T18:42:50.381Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:53:03.638Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414",
+      "created": "2019-10-18T14:50:57.521Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
+      "modified": "2022-03-30T20:08:17.127Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
+        }
+      ],
+      "modified": "2019-09-10T13:14:39.009Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.324Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.324Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6",
+      "created": "2022-04-20T17:36:25.707Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:39:23.114Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b19082d2-c151-45dd-8844-82335fbe3ed9",
+      "created": "2023-02-28T21:43:54.880Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:43:54.880Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can send text messages.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:18:51.813Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544",
+      "created": "2020-05-04T14:04:56.184Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020.",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:03:18.675Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.421Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.421Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e",
+      "created": "2023-03-20T18:52:52.011Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:52:52.011Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c",
+      "created": "2019-09-03T20:08:00.687Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:31:38.319Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:19:00.168Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--60782df8-1e96-48eb-a6b7-843c94b32b59",
+      "created": "2023-02-06T19:43:17.802Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:33:52.290Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can hide its application icon.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37",
+      "created": "2020-01-27T17:05:58.263Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:28:34.373Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:24.955Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:24.955Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--27050442-e578-44b7-9534-ada78824befe",
+      "created": "2023-02-06T19:45:09.612Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-06T19:45:09.612Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can intercept and read SMS messages.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b",
+      "created": "2022-04-06T15:51:11.939Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:51:11.939Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.511Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.511Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.380Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.380Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. [EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.459Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.516Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-15T19:44:36.177Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.701Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.399Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a",
+      "created": "2020-06-26T15:32:24.962Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:42:04.769Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd",
+      "created": "2019-09-03T19:45:48.503Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:10:38.937Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf",
+      "created": "2020-09-24T15:34:51.213Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:49:32.064Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.610Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.693Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13",
+      "created": "2020-10-29T17:48:27.425Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:45:26.765Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.284Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.284Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d",
+      "created": "2020-12-24T21:45:56.969Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:15:05.454Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c",
+      "type": "relationship",
+      "created": "2019-07-16T14:33:12.117Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.643Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072",
+      "created": "2021-10-01T14:42:49.171Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-18T19:01:58.546Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.120Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.120Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856",
+      "created": "2020-05-04T14:04:56.211Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020.",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:03:51.504Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27",
+      "created": "2022-03-30T15:08:28.814Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect unauthorized operating system modifications. ",
+      "modified": "2022-03-30T15:08:28.814Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.980Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.815Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3364dd33-c012-4aaf-852b-86e63bd724ac",
+      "created": "2023-02-06T19:38:22.312Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cleafy_sova_1122",
+          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
+          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
+        },
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-11T22:06:53.022Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather session cookies from infected devices. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also abuse Accessibility Services to steal Google Authenticator tokens.(Citation: threatfabric_sova_0921)(Citation: cleafy_sova_1122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:34:25.318Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66",
+      "created": "2019-10-01T14:23:44.054Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ",
+      "modified": "2022-04-18T16:07:57.631Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1",
+      "created": "2019-09-04T15:38:57.037Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)",
+      "modified": "2022-04-15T17:34:17.813Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435",
+      "created": "2022-04-05T19:51:08.770Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 12 Features",
+          "url": "https://developer.android.com/about/versions/12/features",
+          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
+      "modified": "2022-04-05T19:51:08.770Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a",
+      "created": "2020-10-29T19:21:23.143Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:48:18.023Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac",
+      "created": "2020-12-18T20:14:47.310Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:27:20.839Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f",
+      "created": "2019-09-04T14:28:16.487Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-15T17:34:52.414Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.318Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.318Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237",
+      "created": "2019-11-21T16:42:48.441Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:39:13.309Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf",
+      "type": "relationship",
+      "created": "2020-09-11T15:43:49.309Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:43:49.309Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc",
+      "created": "2019-09-04T15:38:56.937Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
+          "url": "https://www.flexispy.com/en/features-overview.htm"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:58:10.115Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.397Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.397Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936",
+      "created": "2019-08-29T18:57:55.926Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Samsung Keyboards",
+          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
+          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
+      "modified": "2022-04-05T19:41:57.905Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.410Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.410Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.294Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.294Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9",
+      "created": "2019-09-04T14:28:15.316Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:26:48.912Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--79ef0025-3e1c-4914-9873-19808c2a5bec",
+      "created": "2023-02-28T21:44:22.373Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:44:22.373Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record the screen and stream the data off the device.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50",
+      "type": "relationship",
+      "created": "2021-09-20T13:50:02.036Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:50:02.036Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396",
+      "created": "2022-04-20T17:46:43.542Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020.",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:39:57.165Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Judy",
+          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018.",
+          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.512Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab",
+      "created": "2022-04-11T20:06:38.811Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.",
+      "modified": "2022-04-11T20:06:38.811Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bc79a212-139f-4dce-be72-e90585f38f03",
+      "created": "2023-03-16T18:31:37.091Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:31:37.091Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9",
+      "created": "2022-03-30T14:26:02.359Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Changes to System Broadcasts",
+          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
+          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ",
+      "modified": "2022-03-30T14:26:02.359Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.391Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.391Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.495Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.495Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f",
+      "type": "relationship",
+      "created": "2020-04-27T16:52:49.444Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.444Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688",
+      "created": "2020-05-07T15:33:32.910Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:19:44.427Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.298Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.298Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6",
+      "created": "2023-03-16T13:31:29.822Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T13:31:29.822Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920",
+      "created": "2022-04-05T19:46:22.326Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
+      "modified": "2022-04-05T19:46:22.326Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d",
+      "created": "2019-07-10T15:25:57.585Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:39:29.860Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31",
+      "created": "2022-09-29T20:11:55.474Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T18:39:16.003Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb",
+      "created": "2022-03-30T14:06:01.859Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T14:06:01.859Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--09c6bbd4-9058-4657-9d8e-656439637ac6",
+      "created": "2023-03-16T18:32:47.895Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:32:47.895Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c89d6493-3f33-4568-ac77-ba13b206ae69",
+      "created": "2023-03-20T18:52:24.667Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:52:24.667Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12",
+      "created": "2019-08-09T16:14:58.367Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android Capture Sensor 2019",
+          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
+          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)",
+      "modified": "2022-04-01T13:56:12.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14",
+      "created": "2020-06-26T15:32:25.043Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:53:04.417Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.062Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.062Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.975Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-10-14T17:51:38.054Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa",
+      "created": "2020-11-10T17:08:35.761Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:00:38.611Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.142Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.142Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.217Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.305Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. [Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.004Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.004Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809",
+      "created": "2020-01-27T17:05:58.305Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:27:33.906Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c943d462-fea7-4c01-88b2-de134153095b",
+      "created": "2023-03-20T18:56:37.473Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:56:37.473Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474",
+      "created": "2020-09-15T15:18:12.428Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:45:11.727Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532",
+      "created": "2023-02-06T19:46:43.041Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-06T19:46:43.041Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has included adversary-in-the-middle capabilities.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.319Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.319Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.271Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.271Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f",
+      "created": "2019-10-18T15:51:48.451Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ",
+      "modified": "2022-04-01T13:32:32.335Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2",
+      "created": "2023-03-20T18:48:39.857Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:48:39.857Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ed7e9368-004c-484f-9eed-03b158325564",
+      "created": "2023-03-20T18:54:40.401Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:54:40.401Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330",
+      "created": "2022-04-01T15:01:53.321Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.",
+      "modified": "2022-04-01T15:01:53.321Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.382Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.382Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7",
+      "created": "2022-04-01T14:59:17.991Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ",
+      "modified": "2022-04-01T14:59:17.991Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f",
+      "type": "relationship",
+      "created": "2019-09-23T13:36:08.448Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-10-15T19:56:50.651Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02",
+      "created": "2020-06-26T15:32:25.144Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint Cerberus",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020.",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:10:26.480Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f",
+      "created": "2023-02-28T20:39:57.194Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:07:21.417Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Domain Generation Algorithms to connect to the C2 server.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--29357289-362c-447c-b387-9a38b50d7296",
+      "created": "2022-04-15T17:20:06.338Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        },
+        {
+          "source_name": "Check Point-Joker",
+          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
+          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)",
+      "modified": "2022-04-15T17:20:06.338Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a",
+      "created": "2021-01-07T17:02:31.805Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:56:32.861Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e",
+      "created": "2020-12-14T15:02:35.291Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020.",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:25:06.012Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658",
+      "created": "2022-04-01T19:06:40.361Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T19:06:40.361Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158",
+      "created": "2020-10-29T17:48:27.325Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:11:02.157Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:23:04.150Z",
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651",
+      "created": "2023-04-11T19:54:52.711Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cleafy_sova_1122",
+          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
+          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-11T19:54:52.711Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can programmatically tap the screen or swipe.(Citation: cleafy_sova_1122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7",
+      "created": "2023-03-20T18:48:56.995Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:48:56.995Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7",
+      "type": "relationship",
+      "created": "2019-03-11T15:13:40.425Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
+          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
+          "source_name": "TrendMicro-Anserver2"
+        }
+      ],
+      "modified": "2019-10-15T19:55:04.517Z",
+      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d",
+      "created": "2022-04-01T17:06:06.950Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ",
+      "modified": "2022-04-01T17:06:06.950Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b",
+      "created": "2022-03-30T20:48:00.360Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
+      "modified": "2022-03-30T20:48:00.360Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760",
+      "created": "2022-03-30T14:41:20.735Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Changes to System Broadcasts",
+          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
+          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)",
+      "modified": "2022-03-30T14:41:20.735Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7",
+      "created": "2023-03-20T18:55:33.546Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:55:33.546Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:24:38.256Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257",
+      "type": "relationship",
+      "created": "2020-10-29T17:48:27.469Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.469Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.780Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.131Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.131Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c",
+      "created": "2022-04-01T14:59:39.294Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Apple regularly provides security updates for known OS vulnerabilities.",
+      "modified": "2022-04-01T14:59:39.294Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e",
+      "created": "2023-03-16T18:26:45.940Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:26:45.940Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.495Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a",
+      "type": "relationship",
+      "created": "2019-08-09T17:52:13.352Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.877Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76",
+      "created": "2023-03-20T18:42:18.058Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:42:18.058Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.461Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.686Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.408Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.408Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a",
+      "created": "2020-11-20T16:37:28.475Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:52:20.309Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090",
+      "created": "2023-03-20T18:58:30.773Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:30.773Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.256Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.256Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad",
+      "created": "2021-10-01T14:42:49.159Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69",
+      "created": "2019-10-14T19:14:18.673Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Group IB Gustuff Mar 2019",
+          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019.",
+          "url": "https://www.group-ib.com/blog/gustuff"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:32:47.359Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.664Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-01T19:48:44.840Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f",
+      "created": "2020-06-26T15:12:40.100Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:49:00.042Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678",
+      "type": "relationship",
+      "created": "2020-09-24T15:34:51.315Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.315Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3d65c2b7-c907-45e1-b942-95f7d765e749",
+      "created": "2023-03-20T18:53:34.056Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:53:34.056Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b",
+      "created": "2021-02-17T20:49:24.542Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:22:40.300Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33",
+      "created": "2023-03-20T19:00:09.608Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T19:00:09.608Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f",
+      "created": "2022-04-01T18:49:19.284Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.",
+      "modified": "2022-04-01T18:49:19.284Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8",
+      "created": "2022-04-15T15:57:32.958Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:21:49.009Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7",
+      "created": "2022-03-31T19:53:01.320Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-31T19:53:01.320Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d",
+      "type": "relationship",
+      "created": "2019-08-09T18:06:11.672Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.672Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:24:53.701Z",
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d",
+      "created": "2022-03-30T19:14:20.374Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:14:20.374Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.308Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.308Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d",
+      "created": "2020-05-04T14:04:56.179Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)",
+      "modified": "2022-04-15T17:20:54.552Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1f8f0021-6992-476c-ba1c-232542dc1633",
+      "created": "2023-03-20T18:58:52.857Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:52.857Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.157Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.157Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3",
+      "created": "2020-11-24T17:55:12.830Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:21:42.102Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c",
+      "created": "2022-04-01T18:45:00.923Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.",
+      "modified": "2022-04-01T18:45:00.923Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-DualToy",
+          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:42:14.121Z",
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "modified": "2019-10-10T15:27:22.157Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a5b37f26-7629-4195-9536-12e349e5843b",
+      "created": "2023-03-20T18:51:04.334Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:04.334Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.519Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.519Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3841024e-1047-40fa-9e25-ac6d5c14612a",
+      "created": "2023-02-28T21:41:22.768Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:25:52.302Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view device contacts.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5",
+      "created": "2022-09-30T19:23:02.689Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T19:23:02.689Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9",
+      "created": "2022-04-01T13:19:41.207Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:19:41.207Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9b8b51fb-c380-4516-b109-821f015506d4",
+      "created": "2023-03-20T15:40:26.994Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:40:26.994Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71",
+      "created": "2019-07-10T15:42:09.606Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:01:46.513Z",
+      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88",
+      "created": "2020-10-29T19:21:23.225Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409",
+      "created": "2020-06-26T15:32:25.146Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)",
+      "modified": "2022-04-20T16:37:46.192Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.378Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.593Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.593Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca",
+      "created": "2019-09-03T19:45:48.510Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:10:15.827Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8",
+      "type": "relationship",
+      "created": "2020-09-24T15:34:51.433Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.433Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d",
+      "created": "2023-02-06T19:01:08.265Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:07:32.636Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has encoded files, such as exploit binaries, to potentially use during and after the rooting process.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.230Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.230Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.412Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-15T15:36:42.312Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb",
+      "created": "2019-09-04T15:38:56.881Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:56:00.761Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228",
+      "created": "2022-04-01T18:44:46.780Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-01T18:44:46.780Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f857935b-653a-4b9a-a2dc-59c042059a39",
+      "created": "2023-03-20T15:56:04.673Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:56:04.673Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041",
+      "type": "relationship",
+      "created": "2017-10-25T14:48:53.742Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-06-24T15:08:18.481Z",
+      "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d",
+      "created": "2020-09-29T13:24:15.234Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.456Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "source_name": "SecureList - ViceLeaker 2019"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "modified": "2020-01-21T14:20:50.455Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0",
+      "created": "2022-04-01T16:52:03.322Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T16:52:03.322Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.466Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.466Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.035Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        },
+        {
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.035Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f",
+      "created": "2020-06-02T14:32:31.906Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)",
+      "modified": "2022-04-20T16:40:05.898Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365",
+      "created": "2019-09-04T14:28:15.950Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:35:59.273Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000",
+      "created": "2022-03-30T15:13:42.462Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T15:13:42.462Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.133Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.133Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c",
+      "created": "2022-04-01T18:52:02.211Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught the dangers of rooting or jailbreaking their device.",
+      "modified": "2022-04-01T18:52:02.211Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070",
+      "created": "2022-04-15T17:18:44.185Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:18:44.185Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad",
+      "created": "2020-12-24T21:55:56.752Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:26:16.282Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf",
+      "created": "2023-03-20T15:46:49.646Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:46:49.646Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:53:38.161Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd",
+      "created": "2022-03-30T20:08:40.223Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. ",
+      "modified": "2022-03-30T20:08:40.223Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.312Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.312Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.900Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.900Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2",
+      "created": "2019-09-03T20:08:00.704Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:18:58.074Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.286Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.286Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.210Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad",
+      "created": "2023-03-20T18:55:03.385Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:55:03.385Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e",
+      "created": "2019-09-04T14:28:15.479Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394",
+      "created": "2021-02-08T16:36:20.639Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:07:15.780Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae",
+      "created": "2020-12-24T22:04:27.902Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:04:02.992Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--34dd5c26-eec9-4288-8e53-677271d490b2",
+      "created": "2023-01-18T19:46:02.646Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:43:57.834Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use accessibility event logging to steal data in text fields.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d",
+      "created": "2023-03-20T15:55:09.279Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:55:09.279Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb",
+      "created": "2020-09-11T16:22:03.294Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:58:57.686Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80",
+      "created": "2022-03-31T19:51:41.431Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
+      "modified": "2022-03-31T19:51:41.431Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--12de5aeb-9427-4665-81a0-257c76d6f188",
+      "created": "2023-03-03T16:20:48.781Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:20:48.781Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has replaced device apps with ones it has downloaded.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e",
+      "created": "2022-04-08T16:29:30.371Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-08T16:29:30.371Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2",
+      "created": "2023-03-20T15:28:54.837Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:28:54.837Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9",
+      "created": "2022-04-05T19:52:32.201Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:52:32.201Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625",
+      "created": "2022-03-31T16:33:55.074Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-31T16:33:55.074Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.382Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.382Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:24:32.173Z",
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.615Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.615Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.621Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.621Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee",
+      "created": "2020-11-24T17:55:12.895Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--886849fc-f83c-4d69-b700-bfad0def765d",
+      "created": "2023-03-16T18:32:30.054Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:32:30.054Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.218Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.218Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.451Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.451Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-15T19:44:36.125Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678",
+      "type": "relationship",
+      "created": "2021-09-20T13:59:00.498Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2021-09-20T13:59:00.498Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.597Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "source_name": "FortiGuard-FlexiSpy"
+        }
+      ],
+      "modified": "2019-09-10T14:59:25.979Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f",
+      "created": "2020-06-24T18:24:35.707Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:30:27.616Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.021Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9",
+      "created": "2020-04-08T15:51:25.149Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:30:28.587Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:24:55.047Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56",
+      "created": "2020-06-26T15:32:25.045Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:27:05.040Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.903Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.903Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055",
+      "created": "2020-01-27T17:05:58.310Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:28:20.439Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d",
+      "created": "2019-09-04T15:38:56.883Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:18:38.582Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--93c20f43-6684-471c-910f-d9577f289677",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-19T15:47:05.436Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.407Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.407Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52",
+      "created": "2023-01-19T18:07:52.146Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:19:25.438Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can exfiltrate collected user data, including credentials and authorized cookies, via email.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-WireLurker",
+          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)",
+      "relationship_type": "uses",
+      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:00:45.438Z",
+      "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9",
+      "created": "2022-04-01T18:43:01.860Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-01T18:43:01.860Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059",
+      "created": "2023-03-20T18:51:23.032Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:23.032Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5",
+      "created": "2020-04-08T15:41:19.445Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        },
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)",
+      "modified": "2022-04-20T17:57:23.327Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.273Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.273Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133",
+      "created": "2022-03-30T20:31:41.927Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
+      "modified": "2022-03-30T20:31:41.927Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.900Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.900Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c",
+      "type": "relationship",
+      "created": "2020-01-21T15:29:27.041Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2020-01-21T15:29:27.041Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.495Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.495Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.617Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.617Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.459Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.459Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--25655385-5b0d-4700-a59f-d5d043625b84",
+      "created": "2023-02-06T18:50:50.273Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:13:16.813Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use rooting exploits to silently give itself permissions or install additional malware.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2",
+      "created": "2023-03-20T18:59:57.364Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:59:57.364Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213",
+      "created": "2022-04-20T17:31:58.697Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-20T17:31:58.697Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.173Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Gooligan Citation",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
+        }
+      ],
+      "modified": "2019-10-10T15:18:51.154Z",
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.624Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.624Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081",
+      "created": "2023-01-18T19:19:01.740Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:52:20.587Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use Accessibility Services to disable Google Play Protect.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3f81a680-3151-4608-b83f-550756632013",
+      "type": "relationship",
+      "created": "2020-07-20T13:58:53.604Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.301Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a",
+      "created": "2020-12-24T21:55:56.691Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:38:17.926Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38",
+      "created": "2022-04-01T18:43:25.764Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
+      "modified": "2022-04-01T18:43:25.764Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd",
+      "type": "relationship",
+      "created": "2020-06-26T15:12:40.094Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:12:40.094Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87",
+      "type": "relationship",
+      "created": "2020-06-26T15:12:40.098Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:12:40.098Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--97408547-bacd-4308-a8be-556e9ff04951",
+      "created": "2023-03-20T18:55:23.628Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:55:23.628Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.296Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.919Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:27.919Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22",
+      "created": "2019-03-11T15:13:40.454Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Anserver",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/",
+          "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)",
+      "modified": "2022-04-18T19:04:48.388Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d",
+      "created": "2023-03-15T16:34:51.794Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:34:51.794Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415",
+      "created": "2022-03-30T14:50:07.291Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect unauthorized operating system modifications.",
+      "modified": "2022-03-30T14:50:07.291Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349",
+      "created": "2020-10-29T19:01:13.826Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Microsoft MalLockerB",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:44:31.187Z",
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. (Citation: Microsoft MalLockerB)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a",
+      "created": "2022-04-01T14:51:51.593Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ",
+      "modified": "2022-04-01T14:51:51.593Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.351Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.351Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014",
+      "type": "relationship",
+      "created": "2019-08-05T13:22:03.917Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.873Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f",
+      "created": "2022-04-05T20:11:35.619Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. ",
+      "modified": "2022-04-05T20:11:35.619Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b610c587-576a-40cc-9f76-6362455c8ff4",
+      "created": "2023-03-20T18:43:01.334Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:01.334Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302",
+      "created": "2022-04-05T19:42:39.957Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 12 Features",
+          "url": "https://developer.android.com/about/versions/12/features",
+          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
+      "modified": "2022-04-05T19:51:47.956Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619",
+      "created": "2023-03-20T18:44:04.803Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:44:04.803Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e",
+      "created": "2022-03-28T19:40:40.860Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-28T19:40:40.860Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c23d9eff-1d4e-479f-a114-acc535540a23",
+      "created": "2023-03-20T18:46:51.895Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:46:51.895Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a",
+      "created": "2020-06-26T14:55:13.304Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.213Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.213Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:54:13.685Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1",
+      "created": "2023-01-18T19:13:15.991Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:11:24.686Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) has code to use Firebase Cloud Messaging for receiving C2 instructions.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd",
+      "type": "relationship",
+      "created": "2019-10-10T15:22:52.545Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
+        }
+      ],
+      "modified": "2019-10-10T15:22:52.545Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--73d22490-4043-42d7-ad25-74e4a642bf6a",
-      "created": "2023-03-20T18:41:45.186Z",
+      "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06",
+      "created": "2020-09-11T16:22:03.269Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:41:00.652Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc",
+      "created": "2019-09-04T14:28:15.412Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:19:04.639Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b",
+      "created": "2023-02-28T20:31:03.379Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        },
+        {
+          "source_name": "bitdefender_flubot_0524",
+          "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. Retrieved February 28, 2023.",
+          "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:06:56.734Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can send SMS phishing messages to other contacts on an infected device.(Citation: proofpoint_flubot_0421)(Citation: bitdefender_flubot_0524)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--848581bc-bf8f-40e2-871e-cd67042b4adf",
+      "created": "2023-01-18T19:14:40.120Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:59:26.448Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use overlays to steal user banking credentials entered into legitimate sites.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c",
+      "created": "2022-04-01T18:51:44.595Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
+      "modified": "2022-04-01T18:51:44.595Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6",
+      "created": "2022-04-01T15:16:53.239Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:16:53.239Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072",
+      "type": "relationship",
+      "created": "2020-09-11T15:14:34.064Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SMS KitKat",
+          "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html",
+          "description": "S.Main, D. Braun. (2013, October 14).  Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-10-22T17:04:15.708Z",
+      "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71",
+      "created": "2022-04-18T15:49:00.561Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-18T15:49:00.561Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8",
+      "created": "2022-04-01T18:49:51.050Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:49:51.050Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0",
+      "created": "2019-09-04T15:38:56.702Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:48:30.652Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
+        }
+      ],
+      "modified": "2019-10-15T19:27:27.997Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.207Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.207Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.010Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.010Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.786Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.139Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.888Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.888Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de",
+      "created": "2023-03-20T15:57:00.953Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:41:45.186Z",
+      "modified": "2023-03-20T15:57:00.953Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe",
+      "created": "2017-10-25T14:48:53.746Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ",
+      "modified": "2022-03-30T20:07:33.678Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5d37400f-80f9-4500-9357-185650e5a7b2",
+      "created": "2023-02-06T18:54:13.573Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:14:02.866Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use HTTP to communicate with the C2 server.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:22:32.033Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987",
+      "created": "2022-04-01T18:43:15.716Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
+      "modified": "2022-04-01T18:43:15.716Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097",
+      "created": "2022-04-01T15:16:26.387Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not open links in applications they don’t recognize.",
+      "modified": "2022-04-01T15:16:26.387Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745",
+      "created": "2022-03-30T17:54:56.603Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T17:54:56.603Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.454Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.454Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3",
+      "created": "2023-03-03T16:26:48.531Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:26:48.531Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected compromised device MAC addresses.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd",
+      "created": "2022-04-01T15:02:43.475Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:02:43.475Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a",
+      "created": "2023-03-20T18:53:52.174Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:53:52.174Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b",
+      "created": "2019-07-10T15:35:43.704Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:41:13.182Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.257Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.257Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e245e45a-71a8-408d-8f32-7b7337bffc26",
+      "created": "2023-01-18T19:19:58.007Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:10:23.208Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can hide its application icon.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402",
+      "created": "2021-10-01T14:42:49.178Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:25:39.509Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:23:38.651Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48",
+      "created": "2020-09-24T15:34:51.298Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:24:09.872Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4b7e117b-0c82-49d0-bee6-119158b3355b",
+      "created": "2023-02-28T20:32:37.800Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T20:32:50.168Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can disable Google Play Protect to prevent detection.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e",
+      "created": "2020-04-08T15:51:25.122Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:29:51.699Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.502Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.502Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71",
+      "created": "2022-03-30T20:53:54.296Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:53:54.296Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d",
+      "created": "2019-09-23T13:36:08.451Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb",
+      "created": "2020-11-10T17:08:35.846Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.582Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.582Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:49.184Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:49.184Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85",
+      "created": "2022-04-01T13:13:10.587Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ",
+      "modified": "2022-04-01T13:13:10.587Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9",
+      "created": "2022-04-01T17:08:15.158Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "CSRIC5-WG10-FinalReport",
+          "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf",
+          "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ",
+      "modified": "2022-04-11T19:09:00.362Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CrowdStrike-Android",
+          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
+          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)",
+      "relationship_type": "uses",
+      "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:01:14.020Z",
+      "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.419Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.419Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0",
+      "created": "2022-04-05T19:49:06.417Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-05T19:49:06.417Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.417Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "modified": "2019-10-15T19:54:10.284Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0",
+      "created": "2020-10-29T17:48:27.394Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:30:18.307Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952",
+      "created": "2020-04-24T17:46:31.564Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:25:55.378Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416",
+      "created": "2023-03-20T18:52:56.247Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:52:56.247Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.478Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-10-14T17:52:48.001Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0",
+      "created": "2017-10-25T14:48:53.741Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.",
+      "modified": "2022-03-30T20:25:46.994Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed",
+      "created": "2019-07-10T15:35:43.668Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:55:00.294Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.747Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.747Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.307Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.307Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf",
+      "created": "2023-03-16T18:28:28.144Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:28:28.144Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf",
+          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
+          "source_name": "CrowdStrike-Android"
+        }
+      ],
+      "modified": "2020-03-20T16:37:06.668Z",
+      "description": "(Citation: CrowdStrike-Android)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
+      "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.819Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.819Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8",
+      "created": "2022-03-30T18:06:21.355Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Symantec-iOSProfile2",
+          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
+          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
+        },
+        {
+          "source_name": "Android-TrustedCA",
+          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
+          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
+      "modified": "2022-03-30T18:06:21.355Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544",
+      "created": "2022-04-05T19:40:25.071Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:40:25.071Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda",
+      "created": "2023-02-06T19:02:00.135Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:16:28.481Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself microphone permissions.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.276Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.276Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2",
+      "created": "2022-04-01T15:13:55.124Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not open links in applications they don’t recognize.",
+      "modified": "2022-04-01T15:13:55.124Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383",
+      "created": "2022-04-05T20:17:46.149Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:17:46.149Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671",
+      "created": "2021-02-08T16:36:20.709Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-18T16:07:26.671Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0727ac06-5b46-4f79-abe9-63c1b923d383",
+      "created": "2023-02-06T19:05:56.974Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:07:11.541Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has included encoded shell scripts to potentially aid in the rooting process.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9",
+      "created": "2022-04-06T13:57:38.847Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:38.847Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a",
+      "type": "relationship",
+      "created": "2019-08-09T17:56:05.588Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.588Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f",
+      "created": "2022-03-28T19:25:38.355Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches that inhibit system software compromises.",
+      "modified": "2022-03-28T19:25:38.355Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.916Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.071Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f",
+      "created": "2019-12-10T16:07:41.083Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:21:03.081Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73",
+      "type": "relationship",
+      "created": "2020-07-20T14:12:15.566Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Check Point-Joker",
+          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
+          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-07-20T14:12:15.566Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118",
+      "created": "2020-12-24T21:55:56.696Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:23:54.777Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.497Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2019-11-21T16:42:48.497Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7",
+      "created": "2022-04-15T16:00:43.483Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:52:33.829Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.728Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.728Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6",
+      "created": "2020-09-14T13:35:45.911Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET-Twitoor",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)",
+      "modified": "2022-04-20T17:56:24.292Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca",
+      "created": "2022-04-01T13:14:43.195Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:14:43.195Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:28:46.820Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.878Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.878Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.314Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.314Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.691Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.691Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45",
+      "created": "2019-09-15T15:32:17.580Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android Notification Listeners",
+          "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)",
+          "description": "Android. (n.d.).  DevicePolicyManager. Retrieved September 15, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ",
+      "modified": "2022-04-01T14:50:28.686Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.310Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.310Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f",
+      "created": "2023-03-20T18:58:33.787Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:33.787Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1",
+      "created": "2020-10-29T17:48:27.175Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:18:05.613Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:03:20.968Z",
+      "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3",
+      "created": "2023-02-06T19:01:39.599Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:25:11.903Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself contact list access.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21",
+      "type": "relationship",
+      "created": "2021-01-20T16:01:19.323Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zimperium z9",
+          "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/",
+          "description": "zLabs. (2019, November 12).  How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.323Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--12852406-87df-4892-a177-e15e81739000",
+      "created": "2023-03-20T18:50:14.139Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:50:14.139Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.445Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.445Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef",
+      "created": "2020-07-27T14:14:56.993Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108",
+      "created": "2023-03-20T18:57:17.059Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:57:17.059Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--afc0e8b2-2e85-4640-8517-fb2e16831082",
+      "created": "2023-01-18T19:45:27.807Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:56:03.190Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a WebView with a fake log in site to capture banking credentials.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f",
+      "created": "2020-12-24T21:55:56.749Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:41:52.454Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50",
+      "type": "relationship",
+      "created": "2019-10-10T15:14:57.378Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-10T15:14:57.378Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.314Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.314Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.402Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.402Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0",
+      "created": "2022-03-30T19:52:05.143Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:52:05.143Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.682Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d",
+      "created": "2020-12-17T20:15:22.496Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:55:35.453Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.214Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.076Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78",
+      "created": "2023-02-28T20:37:59.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:08:37.122Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can obfuscated class, string, and method names in newer malware versions.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "modified": "2019-10-09T14:51:42.827Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.800Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:54:20.494Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3565140f-1570-494d-9d6f-91c9203ece69",
+      "created": "2023-03-20T18:52:29.821Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:52:29.821Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.385Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.877Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91",
+      "created": "2020-12-18T20:14:47.369Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:48:00.045Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93",
+      "created": "2023-03-20T18:21:59.396Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:21:59.396Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--75ed2348-279f-4485-97a3-9a5ada27d799",
+      "created": "2023-02-06T19:06:17.406Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-06T19:06:17.406Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can disable Play Protect.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659",
+      "created": "2020-12-24T21:45:56.967Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:15:22.472Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3b24a287-36e1-49b9-811d-c0080147ff57",
+      "created": "2023-03-20T18:41:47.754Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:41:47.754Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.296Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ArsTechnica-HummingBad",
+          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
+          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-21T18:51:23.251Z",
+      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store, and has generated revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b",
+      "created": "2020-12-24T21:55:56.743Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:36:12.585Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9",
+      "created": "2019-07-16T14:33:12.113Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Krebs-Triada June 2019",
+          "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/",
+          "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019."
+        },
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)",
+      "modified": "2022-04-19T15:47:32.152Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca",
+      "created": "2023-03-20T18:58:19.895Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:19.895Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af",
+      "created": "2023-01-18T21:20:01.333Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:56:41.614Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use HTTP to send C2 messages to infected devices.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8",
+      "created": "2019-11-21T16:42:48.437Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:22:18.013Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8",
+      "created": "2020-06-02T14:32:31.903Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:40:06.957Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf",
+      "created": "2019-07-16T14:33:12.144Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:40:27.131Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817",
+      "created": "2019-09-20T18:03:57.062Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android 10 Execute",
+          "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission",
+          "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. (Citation: Android 10 Execute)",
+      "modified": "2022-04-01T18:37:44.516Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a",
+      "created": "2023-03-20T18:44:36.073Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:44:36.073Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.596Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--148703c5-6d07-439c-a4ff-d77119c70857",
+      "created": "2023-03-20T18:52:21.767Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:52:21.767Z",
       "description": "",
       "relationship_type": "detects",
       "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.066Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.066Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62",
+      "created": "2023-03-20T18:57:14.194Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:57:14.194Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
+      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962",
+      "created": "2022-03-30T19:54:07.548Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
+      "modified": "2022-03-30T19:54:07.548Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9",
+      "type": "relationship",
+      "created": "2020-09-11T15:58:40.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:58:40.846Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc",
+      "created": "2020-09-14T14:13:45.286Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/esurv-research"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:40:48.237Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1",
+      "created": "2022-04-06T13:52:46.831Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 7 changed how the Device Administrator password APIs function.",
+      "modified": "2022-04-06T13:52:46.831Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb",
+      "created": "2020-12-24T22:04:28.024Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:41:54.548Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab",
+      "created": "2023-01-18T19:58:21.223Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-01-18T19:58:21.223Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) has used RSA to encrypt the symmetric encryption key used for C2 messages.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.981Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.981Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08",
+      "created": "2020-10-29T19:21:23.200Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:49:16.886Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "HackerNews-OldBoot",
+          "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. Retrieved December 21, 2016.",
+          "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f",
+      "created": "2019-09-03T19:45:48.518Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:11:03.802Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951",
+      "created": "2023-01-19T18:08:14.716Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-01T16:50:04.964Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) has encrypted C2 details, email addresses, and passwords.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95",
+      "type": "relationship",
+      "created": "2019-10-18T15:51:48.525Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-10-18T15:51:48.525Z",
+      "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3",
+      "created": "2020-07-20T13:27:33.486Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:54:25.851Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.887Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.887Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd",
+      "created": "2023-03-20T18:43:03.117Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:03.117Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e928c0ce-2b98-4af5-a990-f690f4306681",
+      "created": "2023-03-20T18:43:46.070Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:46.070Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859",
+      "type": "relationship",
+      "created": "2020-09-24T15:34:51.276Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.276Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec",
+      "created": "2022-04-01T15:54:48.924Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. ",
+      "modified": "2022-04-01T15:54:48.924Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.420Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.420Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695",
+      "type": "relationship",
+      "created": "2020-09-11T16:23:16.363Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:23:16.363Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8",
+      "created": "2022-04-05T19:49:59.027Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:49:59.027Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.961Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.782Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6",
+      "type": "relationship",
+      "created": "2020-10-29T17:48:27.332Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.332Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3",
+      "created": "2020-12-14T14:52:03.283Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-20T16:43:23.973Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.488Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "source_name": "SecureList - ViceLeaker 2019"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "modified": "2020-01-21T14:20:50.474Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ArsTechnica-HummingBad",
+          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
+          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7965128c-89d6-411e-b765-c60e0cae96c6",
+      "created": "2023-02-06T19:40:36.807Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:36:23.084Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can manipulate clipboard data to replace cryptocurrency addresses.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07",
+      "created": "2023-03-20T18:54:25.458Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:54:25.458Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1",
+      "created": "2019-09-04T15:38:56.809Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:37:35.704Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb",
+      "created": "2023-03-20T18:58:14.140Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:14.140Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.496Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-14T16:47:53.226Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847",
+      "created": "2022-04-06T13:30:03.526Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.",
+      "modified": "2022-04-06T13:30:03.527Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f",
+      "created": "2022-03-30T20:07:33.291Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:07:33.291Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e012da15-7669-4764-ad9d-8a1d817bcca9",
+      "created": "2023-03-20T18:23:04.068Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:23:04.068Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3",
+      "type": "relationship",
+      "created": "2021-04-19T14:29:46.530Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T14:29:46.530Z",
+      "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:49.191Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:49.191Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594",
+      "created": "2022-04-05T17:14:08.267Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:08.267Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:02:40.717Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331",
+      "created": "2022-03-30T15:08:13.679Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android-VerifiedBoot",
+          "url": "https://source.android.com/security/verifiedboot/",
+          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
+      "modified": "2022-03-30T15:08:13.679Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5",
+      "created": "2022-04-06T15:47:06.163Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:47:06.163Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf",
+      "created": "2023-02-06T18:59:46.976Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:12:28.993Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device IP address and SIM information.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.846Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2",
+      "created": "2022-03-30T19:12:31.481Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:12:31.481Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0e8607f6-daab-44df-b167-105403a4ef41",
+      "created": "2023-01-18T19:57:33.986Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:39:39.355Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the “Direct Reply” feature of Android to automatically reply to notifications with a message provided by C2.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7",
+      "created": "2023-03-20T15:33:34.181Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:33:34.181Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263",
+      "created": "2023-03-15T16:23:59.107Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:23:59.107Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9",
+      "created": "2022-03-28T19:25:49.640Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Ensure Verified Boot is enabled on devices with that capability.",
+      "modified": "2022-03-28T19:25:49.640Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da",
+      "type": "relationship",
+      "created": "2021-09-24T14:52:41.308Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2021-09-24T14:52:41.308Z",
+      "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--08a43019-d393-451f-a23c-2dfa17ec40b2",
+      "created": "2023-01-18T19:15:24.775Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:51:07.963Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can steal incoming SMS messages and send SMS messages from compromised devices. (Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:37:02.853Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e",
+      "created": "2019-09-03T20:08:00.717Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c",
+      "created": "2019-11-21T19:16:34.820Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint SimBad 2019",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2793d721-df10-4621-8387-f3342def59a1",
+      "created": "2022-03-30T18:14:36.786Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
+      "modified": "2022-03-30T18:14:36.786Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e",
+      "created": "2023-02-28T20:34:18.504Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:12:45.147Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use HTTP POST requests on port 80 for communicating with its C2 server.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8",
+      "created": "2022-03-30T19:54:24.468Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. ",
+      "modified": "2022-03-30T19:55:15.724Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d",
+      "created": "2019-09-03T20:08:00.708Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T16:55:56.825Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--51757971-17ac-40c3-bae7-78365579db49",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Obad",
+          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:02:27.188Z",
+      "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1284f6fe-d352-415c-9479-82141524380a",
+      "created": "2022-03-30T18:06:48.250Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
+      "modified": "2022-03-30T18:06:48.250Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a",
+      "created": "2023-03-20T18:39:10.113Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:39:10.113Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cc345ae4-0d60-4f21-98b3-596c15118745",
+      "created": "2023-02-06T19:42:46.814Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:38:03.367Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can send SMS messages.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.383Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.383Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737",
+      "created": "2022-04-18T16:53:24.617Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. [RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ",
+      "modified": "2022-04-20T16:33:23.507Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341",
+      "type": "relationship",
+      "created": "2019-07-16T14:33:12.085Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.480Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8",
+      "created": "2019-09-04T15:38:56.721Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:48:43.225Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306",
+      "type": "relationship",
+      "created": "2020-05-07T15:33:32.778Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.778Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.450Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.282Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.282Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2",
+      "created": "2023-01-18T21:24:28.714Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:55:39.648Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a Domain Generation Algorithm to decode the C2 server location.(Citation: nccgroup_sharkbot_0322) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c",
+      "created": "2020-09-11T14:54:16.646Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:45:14.199Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f",
+      "created": "2023-03-20T18:43:14.051Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:14.051Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998",
+      "created": "2020-04-08T15:41:19.385Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88",
+      "created": "2022-04-01T12:37:42.068Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. ",
+      "modified": "2022-04-01T12:37:42.068Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0",
+      "created": "2019-09-03T20:08:00.711Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Group IB Gustuff Mar 2019",
+          "url": "https://www.group-ib.com/blog/gustuff",
+          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
+        },
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. [Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)",
+      "modified": "2022-04-19T19:42:17.904Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1",
+      "created": "2020-07-15T20:20:59.227Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:33:57.748Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.490Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2019-11-21T16:42:48.490Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad",
+      "created": "2020-04-24T15:06:33.397Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:37:37.674Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9",
+      "created": "2020-09-11T14:54:16.649Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:52:05.260Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8",
+      "created": "2019-11-21T16:42:48.459Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:37:19.124Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de",
+      "type": "relationship",
+      "created": "2020-11-20T15:46:51.603Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T15:46:51.603Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed",
+      "created": "2023-03-20T18:58:56.347Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:56.347Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e",
+      "created": "2023-03-03T16:25:52.931Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:25:52.931Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about installed applications.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265",
+      "created": "2021-04-19T14:29:46.510Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:15:42.930Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.112Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175",
+      "created": "2022-03-30T15:52:09.759Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T15:52:09.759Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d",
+      "created": "2019-09-03T20:08:00.760Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:11:36.853Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696",
+      "created": "2022-03-28T19:38:23.189Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-28T19:38:23.190Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--127e6672-d16a-4370-b277-4d04874a4cfe",
+      "created": "2023-02-06T19:37:24.358Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-11T19:29:31.138Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use overlays capture banking credentials and credit card information, and can open arbitrary WebViews from the C2.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b",
+      "created": "2022-04-01T16:51:04.584Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "GoogleIO2016",
+          "url": "https://www.youtube.com/watch?v=XZzLjllizYs",
+          "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)",
+      "modified": "2022-04-01T16:51:04.584Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110",
+      "created": "2022-04-05T17:13:56.584Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:13:56.584Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1",
+      "created": "2020-07-20T13:27:33.514Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:35:47.258Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9",
+      "created": "2020-07-20T13:27:33.509Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:36:07.297Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8c656539-aa1e-42db-9016-d38f1daaae16",
+      "created": "2023-01-18T19:20:26.156Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:06:05.822Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can collect user SMS messages.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1",
+      "created": "2023-03-15T16:24:12.588Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:24:12.588Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--393300c4-6852-466d-a163-1d51330fe055",
+      "created": "2023-03-20T18:45:39.292Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:48:50.839Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--82b58c75-239e-4dac-b848-bc1f3354adc4",
+      "created": "2023-03-20T18:41:18.288Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:41:18.288Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689",
+      "created": "2022-04-06T13:35:43.203Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult",
+      "modified": "2022-04-06T13:35:43.203Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999",
+      "created": "2020-11-24T17:55:12.818Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:21:12.197Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d",
+      "created": "2020-07-15T20:20:59.380Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-18T19:18:24.378Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--dbef53a9-f9c4-4582-8e93-349ad488de12",
+      "created": "2023-02-28T21:42:06.525Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:27:42.197Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view call logs.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae",
+      "created": "2019-09-04T20:01:42.753Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Nightwatch screencap April 2016",
+          "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/",
+          "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ",
+      "modified": "2022-04-01T13:31:59.712Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4",
+      "created": "2023-03-30T15:18:37.934Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cleafy_sova_1122",
+          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
+          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-30T15:18:37.934Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can take screenshots and abuse the Android Screen Cast feature to capture screen data.(Citation: cleafy_sova_1122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1",
+      "created": "2020-12-24T21:45:56.920Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:16:17.615Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.415Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-15T15:36:42.339Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e",
+      "created": "2020-06-02T14:32:31.900Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:18:38.700Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a",
+      "created": "2023-03-03T16:25:09.978Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:25:09.978Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) is believed to have initially infected devices using internet traffic hijacking to generate abnormal popups.(Citation: paloalto_yispecter_1015) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791",
+      "created": "2022-03-30T19:33:17.520Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
+      "modified": "2022-03-30T19:33:17.520Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f",
+      "created": "2022-03-30T14:49:47.451Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android-VerifiedBoot",
+          "url": "https://source.android.com/security/verifiedboot/",
+          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
+      "modified": "2022-03-30T14:49:47.451Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce",
+      "created": "2022-04-06T13:57:24.730Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:24.730Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.683Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.449Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.074Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.074Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.287Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.290Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f",
+      "created": "2020-10-29T19:01:13.839Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Microsoft MalLockerB",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:54:05.374Z",
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. (Citation: Microsoft MalLockerB)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76",
+      "created": "2019-10-18T14:50:57.472Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain patches for known exploits.",
+      "modified": "2022-03-25T14:12:54.498Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:03:03.296Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.954Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.777Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f",
+      "created": "2019-11-21T19:16:34.776Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CheckPoint SimBad 2019",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:44:53.855Z",
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7e8956e3-7d90-412d-a82f-d61e43239923",
+      "created": "2023-03-20T18:44:01.387Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:44:01.387Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.586Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-27T15:27:26.539Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a",
+      "created": "2023-03-20T18:53:35.012Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:53:35.012Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4e68feca-083f-40ed-88d8-2b6a3935c949",
+      "created": "2023-01-18T19:12:11.201Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:53:38.271Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use the Android `CallScreeningService` to silently block incoming calls.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91",
+      "created": "2020-10-29T19:21:23.187Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:42:27.975Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0",
+      "created": "2019-08-07T15:57:13.453Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d",
+      "created": "2022-04-05T17:14:23.789Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:23.789Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa",
+      "created": "2022-04-01T16:52:36.974Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T16:52:36.974Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.081Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:12:48.998Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187",
+      "created": "2020-09-14T14:13:45.236Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/esurv-research"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:53:16.656Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "PaloAlto-Xbot",
+          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:17:40.860Z",
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)",
+      "relationship_type": "uses",
+      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1",
+      "created": "2023-03-20T15:16:19.428Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:16:19.428Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1",
+      "created": "2022-04-05T19:48:31.354Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:48:31.354Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.183Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020",
+      "created": "2022-03-28T19:41:37.162Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches for devices that were compromised at the supply chain level.",
+      "modified": "2022-03-28T19:41:37.162Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf",
+      "created": "2022-04-06T13:57:49.186Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:49.186Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.914Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:27.914Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7",
+      "created": "2023-03-20T15:16:28.177Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:16:28.177Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.294Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T15:39:17.961Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.374Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.374Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.961Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.961Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308",
+      "created": "2023-02-06T19:04:33.224Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:06:11.934Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can monitor notifications.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2",
+      "created": "2023-03-20T18:50:32.580Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:50:32.580Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-NotCompatible",
+          "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)",
+      "relationship_type": "uses",
+      "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac",
+      "created": "2020-06-26T15:32:25.060Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:35:13.005Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e889782a-f66b-448e-a466-e55b1bce7b64",
+      "created": "2023-02-28T20:38:25.598Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T20:38:25.598Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) has encrypted C2 message bodies with RSA and encoded them in base64.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -33586,159 +34917,38 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576",
+      "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e",
       "type": "relationship",
-      "created": "2020-09-14T14:13:45.294Z",
+      "created": "2019-07-10T15:25:57.602Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
         }
       ],
-      "modified": "2020-09-14T15:39:17.961Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)",
+      "modified": "2019-08-12T17:30:07.571Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699",
-      "created": "2020-04-24T15:06:33.393Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:49:04.950Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1",
-      "created": "2020-10-29T17:48:27.272Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-15T16:53:00.735Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.443Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FortiGuard-FlexiSpy",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.599Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. [FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe",
-      "type": "relationship",
-      "created": "2019-12-10T16:07:41.093Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2019-12-10T16:07:41.093Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3be6ad82-722d-4699-8e3a-c1ea60018244",
-      "created": "2023-03-16T13:32:55.140Z",
+      "id": "relationship--b697a198-8949-43e0-b2b8-23498373c920",
+      "created": "2023-03-20T18:37:13.628Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-16T13:32:55.140Z",
+      "modified": "2023-03-20T18:37:13.628Z",
       "description": "",
       "relationship_type": "detects",
       "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -33747,384 +34957,8 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308",
-      "created": "2023-02-06T19:04:33.224Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:06:11.934Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can monitor notifications.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68",
-      "created": "2020-06-26T14:55:13.311Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:25:08.956Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527",
-      "created": "2019-09-04T14:28:16.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:57:56.616Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e",
-      "created": "2022-03-30T19:54:59.651Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ",
-      "modified": "2022-03-30T19:54:59.651Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193",
-      "created": "2021-10-01T14:42:49.152Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:26:18.801Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.174Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.760Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.305Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.305Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77",
-      "created": "2022-04-06T15:52:41.579Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:52:41.579Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df",
-      "created": "2020-12-14T14:52:03.351Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:42:46.952Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81",
-      "created": "2023-03-20T15:45:44.000Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:45:44.000Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3",
-      "created": "2023-02-06T19:43:43.574Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:43:43.574Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can uninstall itself.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0ae94053-1963-45ba-a3a9-62e508281c8e",
-      "created": "2023-01-19T18:06:36.986Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:21:58.318Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.(Citation: trendmicro_tianyspy_0122) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Judy",
-          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/",
-          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e",
-      "created": "2022-03-30T13:45:39.184Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T13:45:39.184Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.145Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a",
-      "created": "2020-12-28T18:47:52.357Z",
+      "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf",
+      "created": "2020-12-17T20:15:22.491Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -34137,259 +34971,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:22:26.702Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ",
+      "modified": "2023-04-05T20:50:12.639Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)",
       "relationship_type": "uses",
       "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c",
-      "created": "2022-04-01T16:51:20.688Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should scrutinize every device administration permission request. If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.",
-      "modified": "2022-04-01T16:51:20.688Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.381Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.381Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "PaloAlto-Xbot",
-          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:17:40.860Z",
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)",
-      "relationship_type": "uses",
-      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8c034c66-18ad-4b30-9f17-ed574c10918f",
-      "created": "2023-03-20T18:56:20.203Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:56:20.203Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e",
-      "created": "2022-03-30T19:29:07.379Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
-      "modified": "2022-03-30T19:29:07.379Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.604Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.572Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:33:12.082Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80",
-      "created": "2022-03-30T19:33:05.375Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.",
-      "modified": "2022-03-30T19:33:05.375Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3",
-      "created": "2023-02-28T20:31:31.983Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T20:31:31.983Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can intercept SMS messages and USSD messages from Telcom operators.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.425Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.425Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f",
-      "created": "2020-09-15T15:18:12.465Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:51:12.881Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
       "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -34400,249 +34985,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84",
+      "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159",
       "type": "relationship",
-      "created": "2019-07-10T15:35:43.708Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.797Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c",
-      "type": "relationship",
-      "created": "2019-09-15T15:35:33.215Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-09-15T15:35:33.215Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5",
-      "created": "2023-03-20T18:50:21.296Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:50:21.296Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9",
-      "created": "2020-09-15T15:18:12.419Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:56:18.859Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Proofpoint-Marcher",
-          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
-          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. [Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4",
-      "type": "relationship",
-      "created": "2020-09-11T15:57:37.770Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:57:37.770Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.631Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.741Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898",
-      "created": "2019-09-04T14:28:16.414Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:41:16.423Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b",
-      "created": "2020-09-11T14:54:16.638Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:36:55.810Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e",
-      "created": "2020-06-02T14:32:31.900Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:18:38.700Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
           "source_name": "PaloAlto-Xbot",
@@ -34650,43 +34996,12 @@
           "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:28:32.568Z",
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)",
       "relationship_type": "uses",
       "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--127e6672-d16a-4370-b277-4d04874a4cfe",
-      "created": "2023-02-06T19:37:24.358Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-11T19:29:31.138Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use overlays capture banking credentials and credit card information, and can open arbitrary WebViews from the C2.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -34694,110 +35009,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad",
-      "created": "2022-04-05T19:45:03.117Z",
+      "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0",
+      "created": "2022-04-11T20:05:56.540Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-05T19:45:03.117Z",
+      "modified": "2022-04-11T20:05:56.540Z",
       "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:43:54.975Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134",
-      "created": "2020-05-04T14:04:56.158Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.885Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.885Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943",
-      "created": "2022-04-05T20:11:51.188Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ",
-      "modified": "2022-04-05T20:11:51.188Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -34806,694 +35027,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a",
       "type": "relationship",
-      "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689",
-      "created": "2022-04-06T13:35:43.203Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult",
-      "modified": "2022-04-06T13:35:43.203Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea",
-      "created": "2023-02-06T19:45:58.793Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-11T22:08:45.192Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use the open-source project RetroFit for C2 communication.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.566Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.566Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:53:24.312Z",
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93",
-      "type": "relationship",
-      "created": "2020-09-11T15:50:18.937Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
-        }
-      ],
-      "modified": "2020-09-11T15:50:18.937Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6846dc09-b66a-42d3-aea2-c80b51f22952",
-      "created": "2023-02-28T21:42:31.008Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T21:42:31.008Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record audio using the device microphone.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965",
-      "type": "relationship",
-      "created": "2020-04-08T15:51:25.106Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:51:25.106Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f",
-      "created": "2022-03-30T18:14:04.881Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Symantec-iOSProfile2",
-          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
-          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
-        },
-        {
-          "source_name": "Android-TrustedCA",
-          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
-          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
-      "modified": "2022-03-30T18:14:04.881Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.175Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.644Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.644Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369",
-      "created": "2023-02-02T17:46:27.077Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:43:17.131Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can exfiltrate captured user credentials and event logs back to the C2 server. (Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251",
-      "type": "relationship",
-      "created": "2020-07-20T13:58:53.610Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.302Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d",
-      "created": "2022-03-30T20:13:40.625Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.",
-      "modified": "2022-03-30T20:13:40.625Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Xiao-KeyRaider",
-          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4",
-      "created": "2022-04-05T19:38:41.538Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
-      "modified": "2022-04-05T19:38:41.538Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c",
-      "created": "2020-09-11T14:54:16.646Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:45:14.199Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.777Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.777Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
-        }
-      ],
-      "modified": "2020-07-20T13:49:03.687Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fa5f3aea-2131-4690-8833-dc428fae2b22",
-      "created": "2023-01-18T21:38:34.350Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:57:53.504Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept notifications to send to the C2 server and take advantage of the Direct Reply feature.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c",
-      "created": "2023-03-20T18:51:29.814Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:29.814Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--520c7112-9768-42c5-8917-1950efd182f9",
-      "created": "2023-02-06T19:38:45.607Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:33:30.155Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use keylogging to capture user input.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7",
-      "created": "2023-03-20T18:57:42.922Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:57:42.922Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--22041a01-75e7-4ff6-8768-ad45188c53c7",
-      "created": "2023-02-28T21:45:25.064Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cloudmark_tanglebot_0921",
-          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
-          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-01T22:03:00.755Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can obtain a list of installed applications.(Citation: cloudmark_tanglebot_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a",
-      "created": "2019-07-16T14:33:12.175Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky Triada March 2016",
-          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.",
-          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:25:35.330Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-09-18T13:45:58.872Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:13:36.481Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.274Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.274Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.388Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-18T13:44:13.453Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe",
-      "type": "relationship",
-      "created": "2020-11-20T15:54:07.747Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T15:54:07.747Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.986Z",
+      "created": "2020-12-24T21:55:56.726Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -35502,10 +35038,10 @@
           "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-12-24T21:45:56.986Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2020-12-24T21:55:56.726Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
       "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -35514,63 +35050,24 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de",
       "type": "relationship",
-      "created": "2019-10-14T20:49:24.571Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-14T20:49:24.571Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.613Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.613Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4",
-      "created": "2022-03-28T19:30:27.364Z",
+      "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e",
+      "created": "2022-04-01T15:16:16.027Z",
       "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Trend Micro iOS URL Hijacking",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
+          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.",
-      "modified": "2022-03-28T19:30:27.364Z",
+      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
+      "modified": "2022-04-01T15:16:16.027Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -35579,71 +35076,142 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253",
       "type": "relationship",
-      "created": "2020-12-31T18:25:05.178Z",
+      "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e",
+      "created": "2020-09-14T14:13:45.299Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)",
+      "modified": "2022-04-18T15:58:08.240Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.871Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
         }
       ],
-      "modified": "2020-12-31T18:25:05.178Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2020-06-24T18:24:35.795Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)",
       "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af",
-      "created": "2020-12-14T14:52:03.322Z",
+      "id": "relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0",
+      "created": "2023-03-15T16:39:32.117Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:39:32.117Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--60ad088f-3133-4b0c-a441-e1e06fff1765",
+      "created": "2023-02-06T19:37:56.416Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Sophos Red Alert 2.0",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:52:58.974Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2023-03-29T21:34:29.147Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather data about the device.(Citation: threatfabric_sova_0921)",
       "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
+      "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
       "type": "relationship",
-      "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b",
-      "created": "2020-04-08T15:51:25.128Z",
+      "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643",
+      "created": "2020-09-14T13:35:45.909Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET-Twitoor",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)",
+      "modified": "2022-04-20T12:58:23.550Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d",
+      "created": "2020-09-11T14:54:16.587Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "ThreatFabric Ginp",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+          "source_name": "Lookout Desert Scorpion",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:29:36.827Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)",
+      "modified": "2023-04-05T20:25:21.998Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -35651,73 +35219,9 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046",
-      "created": "2022-04-05T17:14:35.469Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:35.469Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2",
-      "created": "2023-03-20T18:53:15.929Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:53:15.929Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51",
-      "created": "2020-12-14T14:52:03.359Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:12:27.624Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d",
-      "created": "2023-02-06T18:52:40.543Z",
+      "id": "relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a",
+      "created": "2023-03-03T15:42:28.475Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -35730,78 +35234,37 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T17:14:41.449Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can intercept SMS messages containing two factor authentication codes.(Citation: lookout_abstractemu_1021)",
+      "modified": "2023-03-27T17:17:24.417Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can send large amounts of device data over its C2 channel, including the device’s manufacturer, model, version and serial number, telephone number, and IP address.(Citation: lookout_abstractemu_1021)",
       "relationship_type": "uses",
       "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47",
-      "created": "2023-03-20T15:20:11.652Z",
-      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T15:20:11.652Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
+      "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee",
       "type": "relationship",
-      "id": "relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48",
-      "created": "2023-03-16T18:37:55.715Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:37:55.715Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "created": "2019-09-04T14:28:15.991Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc",
-      "created": "2021-10-01T14:42:49.174Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
-          "source_name": "SecureList BusyGasper",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:26:41.762Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)",
+      "modified": "2019-09-04T14:32:12.803Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)",
       "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_deprecated": false,
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -35809,72 +35272,51 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69",
-      "created": "2020-04-08T15:51:25.078Z",
+      "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f",
+      "created": "2019-07-16T14:33:12.107Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+          "source_name": "Kaspersky Triada June 2016",
+          "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/",
+          "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019."
+        },
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622",
-      "created": "2020-07-15T20:20:59.280Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:45:27.443Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68",
+      "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150",
       "type": "relationship",
-      "created": "2020-12-24T21:45:56.979Z",
+      "created": "2020-05-11T16:37:36.673Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
         }
       ],
-      "modified": "2021-04-19T14:29:46.650Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2020-05-11T16:37:36.673Z",
+      "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ",
       "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -35884,82 +35326,43 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694",
-      "type": "relationship",
-      "created": "2019-11-19T17:32:20.701Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2019-12-26T16:14:33.468Z",
-      "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15",
-      "type": "relationship",
-      "created": "2021-09-24T14:47:34.447Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-04T20:08:48.439Z",
-      "description": "Device attestation can often detect rooted devices.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0e8607f6-daab-44df-b167-105403a4ef41",
-      "created": "2023-01-18T19:57:33.986Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:39:39.355Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the “Direct Reply” feature of Android to automatically reply to notifications with a message provided by C2.(Citation: nccgroup_sharkbot_0322)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_deprecated": false,
+      "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519",
+      "created": "2022-04-05T17:03:53.457Z",
       "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:03:53.457Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b",
+      "created": "2019-12-10T16:07:41.081Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:47:53.438Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -35967,231 +35370,84 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6",
+      "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa",
       "type": "relationship",
-      "created": "2020-12-24T22:04:28.015Z",
+      "created": "2020-11-24T17:55:12.804Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.015Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999",
-      "created": "2020-11-24T17:55:12.818Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
           "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:21:12.197Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)",
+      "modified": "2020-11-24T17:55:12.804Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ",
       "relationship_type": "uses",
       "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.928Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.928Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c",
-      "created": "2017-10-25T14:48:53.747Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges.  ",
-      "modified": "2022-03-30T20:32:46.334Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.074Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.074Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
       "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613",
-      "created": "2020-12-31T18:25:05.160Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f",
+      "created": "2023-03-20T15:55:32.395Z",
       "revoked": false,
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:00:13.616Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "modified": "2023-03-20T15:55:32.395Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
+      "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "type": "relationship",
+      "id": "relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d",
+      "created": "2023-03-20T18:38:36.873Z",
+      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.508Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.114Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "modified": "2023-03-20T18:38:36.873Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
       "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.740Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-12T13:51:41.045Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594",
-      "created": "2022-04-05T17:14:08.267Z",
+      "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:08.267Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2",
-      "created": "2020-07-27T14:14:57.020Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:52:46.975Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.421Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.421Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36199,16 +35455,22 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8",
-      "created": "2022-04-05T19:49:59.027Z",
+      "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a",
+      "created": "2022-04-05T19:52:38.539Z",
       "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "CSRIC-WG1-FinalReport",
+          "description": "CSRIC-WG1-FinalReport"
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:49:59.027Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ",
+      "modified": "2022-04-05T19:52:38.539Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -36243,22 +35505,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa",
+      "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5",
       "type": "relationship",
-      "created": "2020-11-24T17:55:12.804Z",
+      "created": "2019-09-03T20:08:00.764Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
         }
       ],
-      "modified": "2020-11-24T17:55:12.804Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ",
+      "modified": "2019-09-15T15:35:33.379Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)",
       "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36289,125 +35551,18 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8",
-      "created": "2022-03-30T19:54:24.468Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. ",
-      "modified": "2022-03-30T19:55:15.724Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020",
-      "created": "2022-03-28T19:41:37.162Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates may contain patches for devices that were compromised at the supply chain level.",
-      "modified": "2022-03-28T19:41:37.162Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.296Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a",
-      "type": "relationship",
-      "created": "2020-09-24T15:34:51.244Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "modified": "2020-09-24T15:34:51.244Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7",
-      "created": "2023-03-20T18:48:56.995Z",
+      "id": "relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2",
+      "created": "2023-03-20T19:00:26.780Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:48:56.995Z",
+      "modified": "2023-03-20T19:00:26.780Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -36415,52 +35570,29 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e",
-      "created": "2019-09-03T20:08:00.717Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
+      "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4",
-      "type": "relationship",
-      "created": "2021-03-25T16:39:40.200Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2021-03-25T16:39:40.200Z",
-      "description": "(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2023-04-05T20:32:29.636Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)",
       "relationship_type": "uses",
-      "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
-      "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36487,29 +35619,26 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158",
-      "created": "2020-10-29T17:48:27.325Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:11:02.157Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)",
+      "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.710Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.842Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36517,16 +35646,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519",
-      "created": "2022-04-05T17:03:53.457Z",
+      "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328",
+      "created": "2022-03-30T19:34:09.377Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-05T17:03:53.457Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "modified": "2022-03-30T19:34:09.377Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -36535,72 +35664,26 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080",
       "type": "relationship",
-      "created": "2019-09-04T14:28:15.909Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.568Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544",
+      "created": "2020-04-08T15:41:19.448Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.256Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
         }
       ],
-      "modified": "2020-09-14T14:13:45.256Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b",
-      "created": "2020-11-24T18:18:33.772Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:24:43.120Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "revoked": false,
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)",
+      "modified": "2022-04-15T17:33:02.327Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36641,27 +35724,46 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803",
-      "created": "2023-02-06T19:05:00.862Z",
+      "id": "relationship--d170a088-b115-4a86-b093-8aa32666a470",
+      "created": "2023-03-15T16:39:55.148Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-15T16:39:55.148Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446",
+      "created": "2020-12-14T14:52:03.294Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+          "source_name": "Sophos Red Alert 2.0",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T17:20:37.796Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can obtain a list of installed applications.(Citation: lookout_abstractemu_1021)",
+      "modified": "2023-04-05T20:26:37.661Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)",
       "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
+      "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36669,74 +35771,94 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9",
       "type": "relationship",
-      "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643",
-      "created": "2020-09-14T13:35:45.909Z",
+      "created": "2020-07-20T13:27:33.548Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:00:43.490Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)",
-      "modified": "2022-04-20T12:58:23.550Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
-      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07",
       "type": "relationship",
-      "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299",
-      "created": "2022-04-01T15:13:40.779Z",
-      "x_mitre_version": "0.1",
+      "created": "2021-01-05T20:16:20.505Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Trend Micro iOS URL Hijacking",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
-          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
-      "modified": "2022-04-01T15:13:40.779Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-01-05T20:16:20.505Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--60ad088f-3133-4b0c-a441-e1e06fff1765",
-      "created": "2023-02-06T19:37:56.416Z",
+      "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590",
+      "created": "2019-09-23T13:36:08.543Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-29T21:34:29.147Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather data about the device.(Citation: threatfabric_sova_0921)",
+      "modified": "2023-04-05T16:57:05.633Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4a408dee-07da-4855-b2ff-be512480ccb5",
+      "created": "2023-01-19T18:08:41.596Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:18:05.095Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can gather device UDIDs.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
@@ -36744,25 +35866,51 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "type": "relationship",
+      "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9",
+      "created": "2020-04-24T17:46:31.598Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de",
+      "modified": "2023-04-05T20:51:43.135Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b",
       "type": "relationship",
-      "created": "2020-11-20T15:46:51.603Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2020-11-20T15:46:51.603Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)",
+      "modified": "2019-10-10T15:27:22.110Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36770,9 +35918,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6",
+      "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad",
       "type": "relationship",
-      "created": "2020-10-29T17:48:27.332Z",
+      "created": "2020-12-07T14:28:32.141Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -36781,11 +35929,11 @@
           "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
         }
       ],
-      "modified": "2020-10-29T17:48:27.332Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ",
+      "modified": "2020-12-07T14:28:32.141Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)",
       "relationship_type": "uses",
       "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36794,24 +35942,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab",
-      "created": "2020-09-11T14:54:16.589Z",
+      "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c",
+      "created": "2020-12-14T14:52:03.385Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-20T17:56:51.457Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36819,46 +35967,42 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee",
       "type": "relationship",
-      "created": "2019-09-04T14:28:15.991Z",
+      "id": "relationship--d716163d-2492-4088-9235-b2310312ba27",
+      "created": "2022-04-06T15:44:48.422Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:44:48.422Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.803Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--51757971-17ac-40c3-bae7-78365579db49",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962",
+      "created": "2019-09-23T13:36:08.456Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "TrendMicro-Obad",
-          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
+          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:02:27.188Z",
-      "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)",
+      "modified": "2023-04-05T16:58:03.072Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -36868,25 +36012,362 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159",
+      "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "created": "2020-09-11T14:54:16.585Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "PaloAlto-Xbot",
-          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)",
+      "modified": "2021-04-19T17:11:50.418Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t",
       "relationship_type": "uses",
-      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0",
+      "created": "2022-04-01T15:02:04.528Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Apple regularly provides security updates for known OS vulnerabilities. ",
+      "modified": "2022-04-01T15:02:04.528Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484",
+      "created": "2019-09-04T15:38:56.877Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
+        },
+        {
+          "source_name": "FlexiSpy-Features",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
+          "url": "https://www.flexispy.com/en/features-overview.htm"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:32:16.401Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a563fc97-a452-4348-a831-f4fb55c71e35",
+      "created": "2023-03-03T16:22:45.712Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:22:45.712Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used fake Verisign and Symantec certificates to bypass malware detection systems. [YiSpecter](https://attack.mitre.org/software/S0311) has also signed malicious apps with iOS enterprise certificates to work on non-jailbroken iOS devices.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5b04c8d0-c026-4838-9383-e4146de36d4d",
+      "created": "2023-03-16T18:33:19.941Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:33:19.941Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc",
+      "created": "2023-02-28T20:37:01.639Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:13:55.642Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use `locale.getLanguage()` to choose the language for notifications and avoid user detection.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9",
+      "created": "2023-03-20T18:51:07.547Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:07.547Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81",
+      "created": "2022-04-05T20:03:46.789Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:03:46.789Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9e95ef68-0650-49eb-888f-47c211481be9",
+      "created": "2023-03-20T18:51:40.217Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:40.217Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288",
+      "created": "2020-07-15T20:20:59.291Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:38:15.470Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.144Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.531Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3",
+      "created": "2023-03-16T13:32:02.290Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T13:32:02.290Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d",
+      "created": "2019-10-18T14:50:57.491Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates often contain patches for vulnerabilities.",
+      "modified": "2022-03-30T15:52:58.256Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.289Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.289Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef",
+      "created": "2020-09-14T14:13:45.291Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/esurv-research"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:30:00.975Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "type": "relationship",
       "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103",
@@ -36918,1330 +36399,48 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f",
-      "created": "2019-07-16T14:33:12.107Z",
+      "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1",
+      "created": "2020-06-26T15:32:25.002Z",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Triada June 2016",
-          "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/",
-          "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019."
-        },
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658",
-      "created": "2022-04-01T19:06:40.361Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T19:06:40.361Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--76cc66f4-ce85-4873-a63e-879b4a14a540",
-      "created": "2023-03-03T16:23:20.764Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:23:20.764Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has connected to the C2 server via HTTP.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c943d462-fea7-4c01-88b2-de134153095b",
-      "created": "2023-03-20T18:56:37.473Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:56:37.473Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad",
-      "created": "2021-10-01T14:42:49.159Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:32:29.636Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c",
-      "created": "2022-04-01T14:59:39.294Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Apple regularly provides security updates for known OS vulnerabilities.",
-      "modified": "2022-04-01T14:59:39.294Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11",
-      "created": "2022-09-29T20:08:54.389Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2022-09-30T18:38:37.195Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a",
-      "created": "2023-03-03T15:42:28.475Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:17:24.417Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can send large amounts of device data over its C2 channel, including the device’s manufacturer, model, version and serial number, telephone number, and IP address.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.596Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e889782a-f66b-448e-a466-e55b1bce7b64",
-      "created": "2023-02-28T20:38:25.598Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-28T20:38:25.598Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) has encrypted C2 message bodies with RSA and encoded them in base64.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.871Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-24T18:24:35.795Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532",
-      "created": "2023-02-06T19:46:43.041Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:46:43.041Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has included adversary-in-the-middle capabilities.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0",
-      "created": "2022-04-11T20:05:56.540Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-11T20:05:56.540Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a",
-      "created": "2021-01-07T17:02:31.805Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:56:32.861Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936",
-      "created": "2019-08-29T18:57:55.926Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Samsung Keyboards",
-          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
-          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
-      "modified": "2022-04-05T19:41:57.905Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--393300c4-6852-466d-a163-1d51330fe055",
-      "created": "2023-03-20T18:45:39.292Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:48:50.839Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91",
-      "created": "2020-10-29T19:21:23.187Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:42:27.975Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0",
-      "created": "2019-09-03T20:08:00.711Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Group IB Gustuff Mar 2019",
-          "url": "https://www.group-ib.com/blog/gustuff",
-          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
-        },
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. [Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)",
-      "modified": "2022-04-19T19:42:17.904Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-NotCompatible",
-          "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)",
-      "relationship_type": "uses",
-      "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.189Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.081Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.764Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-09-15T15:35:33.379Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Gooligan Citation",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:12:48.998Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0",
-      "created": "2023-03-15T16:39:32.117Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:39:32.117Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f",
-      "type": "relationship",
-      "created": "2020-04-27T16:52:49.444Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "modified": "2020-04-27T16:52:49.444Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f",
-      "created": "2023-03-20T18:58:33.787Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:33.787Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d",
-      "created": "2022-04-05T17:14:23.789Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:23.789Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1",
-      "created": "2023-03-20T15:16:19.428Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:16:19.428Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce",
-      "created": "2022-04-06T13:57:24.730Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:57:24.730Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.961Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.961Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:03:03.296Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.314Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.314Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7e8956e3-7d90-412d-a82f-d61e43239923",
-      "created": "2023-03-20T18:44:01.387Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:44:01.387Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66",
-      "created": "2019-10-01T14:23:44.054Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ",
-      "modified": "2022-04-18T16:07:57.631Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.408Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.408Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187",
-      "created": "2020-09-14T14:13:45.236Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/esurv-research"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:53:16.656Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.602Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.571Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118",
-      "created": "2020-12-24T21:55:56.696Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:23:54.777Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1",
-      "created": "2020-07-20T13:27:33.514Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:35:47.258Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.314Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.314Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6",
-      "created": "2020-09-14T13:35:45.911Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)",
-      "modified": "2022-04-20T17:56:24.292Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--82b58c75-239e-4dac-b848-bc1f3354adc4",
-      "created": "2023-03-20T18:41:18.288Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:41:18.288Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1",
-      "created": "2023-03-15T16:24:12.588Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-15T16:24:12.588Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a93ee044-bd5d-48f3-972e-0abab780c35c",
-      "created": "2023-02-08T20:05:06.786Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:21:22.070Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can steal information via malicious JavaScript.(Citation: trendmicro_tianyspy_0122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.131Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.131Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac",
-      "created": "2020-06-26T15:32:25.060Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
           "source_name": "Threat Fabric Cerberus",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:35:13.005Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1",
-      "created": "2019-09-04T15:38:57.037Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)",
-      "modified": "2022-04-15T17:34:17.813Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-15T17:33:17.868Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
       "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf",
-      "created": "2020-12-17T20:15:22.491Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:50:12.639Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)",
+      "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.485Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.117Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.276Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.276Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791",
-      "created": "2022-03-30T19:33:17.520Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
-      "modified": "2022-03-30T19:33:17.520Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9",
-      "created": "2023-03-20T18:51:07.547Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:07.547Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110",
-      "created": "2022-04-05T17:13:56.584Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:13:56.584Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783",
-      "created": "2023-03-20T18:55:51.580Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:55:51.580Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.417Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.417Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f",
-      "created": "2022-03-30T14:49:47.451Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android-VerifiedBoot",
-          "url": "https://source.android.com/security/verifiedboot/",
-          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
-      "modified": "2022-03-30T14:49:47.451Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -38272,1050 +36471,20 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf",
-      "created": "2022-04-06T13:57:49.186Z",
+      "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e",
+      "created": "2022-04-01T17:05:56.046Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:57:49.186Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.214Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.076Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.701Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.399Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--0727ac06-5b46-4f79-abe9-63c1b923d383",
-      "created": "2023-02-06T19:05:56.974Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:07:11.541Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has included encoded shell scripts to potentially aid in the rooting process.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.449Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.310Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.310Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.962Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.747Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.799Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.589Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db",
-      "type": "relationship",
-      "created": "2019-08-09T17:59:48.988Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:48.988Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671",
-      "created": "2021-02-08T16:36:20.709Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-18T16:07:26.671Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0",
-      "created": "2019-08-07T15:57:13.453Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2",
-      "created": "2022-04-01T15:13:55.124Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be instructed to not open links in applications they don’t recognize.",
-      "modified": "2022-04-01T15:13:55.124Z",
+      "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ",
+      "modified": "2022-04-01T17:05:56.046Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.511Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.511Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.287Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.290Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1",
-      "created": "2022-04-05T19:48:31.354Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:48:31.354Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696",
-      "created": "2022-03-28T19:38:23.189Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:38:23.190Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa",
-      "created": "2022-04-01T16:52:36.974Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T16:52:36.974Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3",
-      "created": "2021-02-08T16:36:20.788Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-15T17:35:26.197Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.502Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.502Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8",
-      "created": "2019-11-21T16:42:48.459Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:37:19.124Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.478Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-10-14T17:52:48.001Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265",
-      "created": "2021-04-19T14:29:46.510Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:15:42.930Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.484Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.484Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.419Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.419Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a",
-      "created": "2023-03-03T16:25:09.978Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:25:09.978Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) is believed to have initially infected devices using internet traffic hijacking to generate abnormal popups.(Citation: paloalto_yispecter_1015) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
-      "modified": "2019-10-15T19:54:10.284Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.112Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952",
-      "created": "2020-04-24T17:46:31.564Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:25:55.378Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4",
-      "created": "2023-03-30T15:18:37.934Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "cleafy_sova_1122",
-          "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.",
-          "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-30T15:18:37.934Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can take screenshots and abuse the Android Screen Cast feature to capture screen data.(Citation: cleafy_sova_1122)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.800Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:54:20.494Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed",
-      "created": "2023-03-20T18:58:56.347Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:56.347Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.949Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.949Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998",
-      "created": "2020-04-08T15:41:19.385Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.582Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.582Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.490Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2019-11-21T16:42:48.490Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:01:14.020Z",
-      "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e",
-      "type": "relationship",
-      "created": "2020-01-14T17:47:08.826Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2020-01-14T17:47:08.826Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88",
-      "created": "2022-04-01T12:37:42.068Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. ",
-      "modified": "2022-04-01T12:37:42.068Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "type": "relationship",
-      "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9",
-      "created": "2020-09-11T14:54:16.649Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:52:05.260Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.000Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.856Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.747Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.747Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-07-16T15:35:21.063Z",
-      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0",
-      "created": "2023-02-06T19:42:34.537Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-11T22:08:03.095Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can resist removal by going to the home screen during uninstall.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "type": "relationship",
       "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6",
@@ -39391,148 +36560,6 @@
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b",
-      "created": "2022-04-01T16:51:04.584Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "GoogleIO2016",
-          "url": "https://www.youtube.com/watch?v=XZzLjllizYs",
-          "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)",
-      "modified": "2022-04-01T16:51:04.584Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae",
-      "created": "2019-09-04T20:01:42.753Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Nightwatch screencap April 2016",
-          "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/",
-          "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ",
-      "modified": "2022-04-01T13:31:59.712Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e",
-      "created": "2022-04-01T15:16:16.027Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Trend Micro iOS URL Hijacking",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
-          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
-      "modified": "2022-04-01T15:16:16.027Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030",
-      "created": "2022-03-30T20:42:04.251Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.",
-      "modified": "2022-03-30T20:42:04.251Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e",
-      "created": "2020-09-14T14:13:45.299Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)",
-      "modified": "2022-04-18T15:58:08.240Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b697a198-8949-43e0-b2b8-23498373c920",
-      "created": "2023-03-20T18:37:13.628Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:37:13.628Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "type": "relationship",
       "id": "relationship--56758bb5-230e-43ac-9851-167c296c3dfa",
@@ -39552,700 +36579,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "type": "relationship",
-      "id": "relationship--a563fc97-a452-4348-a831-f4fb55c71e35",
-      "created": "2023-03-03T16:22:45.712Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "paloalto_yispecter_1015",
-          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
-          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-03T16:22:45.712Z",
-      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used fake Verisign and Symantec certificates to bypass malware detection systems. [YiSpecter](https://attack.mitre.org/software/S0311) has also signed malicious apps with iOS enterprise certificates to work on non-jailbroken iOS devices.(Citation: paloalto_yispecter_1015)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.364Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.364Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb",
-      "created": "2019-08-09T16:19:02.782Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Capture Sensor 2019",
-          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
-          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ",
-      "modified": "2022-04-01T15:21:13.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.421Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.421Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e",
-      "created": "2022-04-01T17:05:56.046Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ",
-      "modified": "2022-04-01T17:05:56.046Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc",
-      "created": "2023-02-28T20:37:01.639Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:13:55.642Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use `locale.getLanguage()` to choose the language for notifications and avoid user detection.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1",
-      "created": "2020-06-26T15:32:25.002Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-15T17:33:17.868Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.289Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.289Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3",
-      "created": "2023-03-16T13:32:02.290Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T13:32:02.290Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.485Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.117Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef",
-      "created": "2020-09-14T14:13:45.291Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/esurv-research"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:30:00.975Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d",
-      "created": "2019-09-03T20:08:00.760Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:11:36.853Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.531Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f",
-      "created": "2020-10-29T19:01:13.839Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Microsoft MalLockerB",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:54:05.374Z",
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. (Citation: Microsoft MalLockerB)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d716163d-2492-4088-9235-b2310312ba27",
-      "created": "2022-04-06T15:44:48.422Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:44:48.422Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf",
-      "created": "2020-06-02T14:32:31.891Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T19:51:44.262Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446",
-      "created": "2020-12-14T14:52:03.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:26:37.661Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c",
-      "created": "2020-12-14T14:52:03.385Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-20T17:56:51.457Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.144Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad",
-      "type": "relationship",
-      "created": "2020-12-07T14:28:32.141Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-12-07T14:28:32.141Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590",
-      "created": "2019-09-23T13:36:08.543Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T16:57:05.633Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5b04c8d0-c026-4838-9383-e4146de36d4d",
-      "created": "2023-03-16T18:33:19.941Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:33:19.941Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81",
-      "created": "2022-04-05T20:03:46.789Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:03:46.789Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.501Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-14T16:47:53.197Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f",
-      "created": "2019-10-18T14:50:57.494Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities.",
-      "modified": "2022-04-11T14:26:44.192Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.505Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.178Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads  [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2",
-      "created": "2023-03-20T19:00:26.780Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T19:00:26.780Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.710Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.842Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9e95ef68-0650-49eb-888f-47c211481be9",
-      "created": "2023-03-20T18:51:40.217Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:51:40.217Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -40274,44 +36607,93 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb",
-      "created": "2022-04-05T19:46:05.853Z",
+      "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030",
+      "created": "2022-03-30T20:42:04.251Z",
       "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Samsung Keyboards",
-          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
-          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)",
-      "modified": "2022-04-05T19:46:05.853Z",
+      "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.",
+      "modified": "2022-03-30T20:42:04.251Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd",
-      "created": "2023-03-20T18:43:03.117Z",
+      "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf",
+      "created": "2020-06-02T14:32:31.891Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:43:03.117Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "modified": "2023-04-05T19:51:44.262Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.364Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.364Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0",
+      "created": "2023-02-06T19:42:34.537Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-11T22:08:03.095Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can resist removal by going to the home screen during uninstall.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -40319,33 +36701,47 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec",
-      "created": "2022-04-01T15:54:48.924Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. ",
-      "modified": "2022-04-01T15:54:48.924Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
       "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263",
-      "created": "2023-03-15T16:23:59.107Z",
+      "id": "relationship--76cc66f4-ce85-4873-a63e-879b4a14a540",
+      "created": "2023-03-03T16:23:20.764Z",
       "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-15T16:23:59.107Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "modified": "2023-03-03T16:23:20.764Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has connected to the C2 server via HTTP.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -40356,22 +36752,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd",
+      "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d",
       "type": "relationship",
-      "created": "2020-06-26T15:12:40.094Z",
+      "created": "2019-09-03T19:45:48.505Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
         }
       ],
-      "modified": "2020-06-26T15:12:40.094Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)",
+      "modified": "2019-09-11T13:25:19.178Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads  [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -40379,58 +36775,80 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1",
       "type": "relationship",
-      "created": "2020-11-24T17:55:12.887Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.887Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f",
+      "created": "2019-10-18T14:50:57.494Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb",
-      "created": "2020-12-24T22:04:28.024Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:41:54.548Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "revoked": false,
+      "description": "Security updates often contain patches for vulnerabilities.",
+      "modified": "2022-04-11T14:26:44.192Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b",
       "type": "relationship",
-      "created": "2020-12-24T21:45:56.981Z",
+      "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab",
+      "created": "2020-09-11T14:54:16.589Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb",
+      "created": "2019-08-09T16:19:02.782Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android Capture Sensor 2019",
+          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
+          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ",
+      "modified": "2022-04-01T15:21:13.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.949Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -40439,11 +36857,11 @@
           "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-12-24T21:45:56.981Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2020-12-24T21:45:56.949Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
       "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -40451,53 +36869,7 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da",
-      "type": "relationship",
-      "created": "2021-09-24T14:52:41.308Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2021-09-24T14:52:41.308Z",
-      "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b",
+      "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e",
       "type": "relationship",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -40508,11 +36880,11 @@
           "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2019-10-10T15:27:22.110Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)",
+      "modified": "2019-10-10T15:27:22.175Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
       "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -40520,22 +36892,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787",
+      "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0",
       "type": "relationship",
-      "created": "2019-09-04T14:28:15.471Z",
+      "created": "2020-12-24T21:55:56.692Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2019-10-14T17:51:37.979Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)",
+      "modified": "2020-12-24T21:55:56.692Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -40543,25 +36915,150 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67",
       "type": "relationship",
-      "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1",
-      "created": "2022-04-06T13:52:46.831Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 7 changed how the Device Administrator password APIs function.",
-      "modified": "2022-04-06T13:52:46.831Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2020-09-11T16:22:03.250Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.250Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af",
-      "created": "2023-01-18T21:20:01.333Z",
+      "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3",
+      "created": "2020-04-08T15:41:19.404Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:18:13.761Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.777Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.777Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Xiao-KeyRaider",
+          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251",
+      "type": "relationship",
+      "created": "2020-07-20T13:58:53.610Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.302Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3",
+      "created": "2020-07-15T20:20:59.287Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:53:17.865Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369",
+      "created": "2023-02-02T17:46:27.077Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -40574,531 +37071,20 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:56:41.614Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use HTTP to send C2 messages to infected devices.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2023-03-27T18:43:17.131Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can exfiltrate captured user credentials and event logs back to the C2 server. (Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
       "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
       "type": "relationship",
-      "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e",
-      "created": "2022-03-30T20:45:34.433Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Package Visibility",
-          "url": "https://developer.android.com/training/package-visibility",
-          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
-      "modified": "2022-04-11T19:19:52.562Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08",
-      "created": "2020-10-29T19:21:23.200Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:49:16.886Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544",
-      "created": "2020-04-08T15:41:19.448Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)",
-      "modified": "2022-04-15T17:33:02.327Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a",
-      "created": "2023-03-20T18:44:36.073Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:44:36.073Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.746Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-01T19:48:44.878Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73",
-      "type": "relationship",
-      "created": "2020-07-20T14:12:15.566Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Check Point-Joker",
-          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
-          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-07-20T14:12:15.566Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.691Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.691Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45",
-      "created": "2019-09-15T15:32:17.580Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Notification Listeners",
-          "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)",
-          "description": "Android. (n.d.).  DevicePolicyManager. Retrieved September 15, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ",
-      "modified": "2022-04-01T14:50:28.686Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.497Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2019-11-21T16:42:48.497Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.644Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.644Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--148703c5-6d07-439c-a4ff-d77119c70857",
-      "created": "2023-03-20T18:52:21.767Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:52:21.767Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:49.184Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:49.184Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.919Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.919Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962",
-      "created": "2022-03-30T19:54:07.548Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
-      "modified": "2022-03-30T19:54:07.548Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9",
-      "created": "2022-04-01T17:08:15.158Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "CSRIC5-WG10-FinalReport",
-          "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf",
-          "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ",
-      "modified": "2022-04-11T19:09:00.362Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48",
-      "created": "2020-09-24T15:34:51.298Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:24:09.872Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CrowdStrike-Android",
-          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
-          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)",
-      "relationship_type": "uses",
-      "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--75ed2348-279f-4485-97a3-9a5ada27d799",
-      "created": "2023-02-06T19:06:17.406Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-02-06T19:06:17.406Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can disable Play Protect.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.515Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.216Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.420Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.420Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d",
-      "created": "2023-03-20T18:38:36.873Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:38:36.873Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.961Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.782Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d",
-      "created": "2020-09-11T14:54:16.587Z",
+      "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b",
+      "created": "2020-09-11T14:54:16.638Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -41111,86 +37097,89 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:25:21.998Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)",
+      "modified": "2023-04-05T20:36:55.810Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)",
       "relationship_type": "uses",
       "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363",
       "type": "relationship",
-      "created": "2020-12-24T22:04:27.992Z",
+      "id": "relationship--fa5f3aea-2131-4690-8833-dc428fae2b22",
+      "created": "2023-01-18T21:38:34.350Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
         }
       ],
-      "modified": "2020-12-24T22:04:27.992Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "type": "relationship",
-      "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3",
-      "created": "2020-12-14T14:52:03.283Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
+      "modified": "2023-03-27T18:57:53.504Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept notifications to send to the C2 server and take advantage of the Direct Reply feature.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
       "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-20T16:43:23.973Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951",
-      "created": "2023-01-19T18:08:14.716Z",
+      "id": "relationship--d64c4924-76f0-4b2e-858d-b0df733334d0",
+      "created": "2023-02-06T19:03:11.265Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-01T16:50:04.964Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) has encrypted C2 details, email addresses, and passwords.(Citation: trendmicro_tianyspy_0122) ",
+      "modified": "2023-03-27T17:23:09.430Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can modify system settings to give itself device administrator privileges.(Citation: lookout_abstractemu_1021)",
       "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024",
+      "created": "2022-04-15T18:11:06.097Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Skycure-Profiles",
+          "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016.",
+          "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:28:11.000Z",
+      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -41200,71 +37189,309 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891",
+      "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "ArsTechnica-HummingBad",
-          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
-          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
         }
       ],
       "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)",
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)",
       "relationship_type": "uses",
-      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f",
-      "created": "2020-12-24T21:55:56.749Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--ed48a86f-e55f-4abf-8f18-98591b756399",
+      "created": "2023-03-03T16:19:30.443Z",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:41:52.454Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2023-03-03T16:19:30.443Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hidden the app icon from iOS springboard.(Citation: paloalto_yispecter_1015)",
       "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
       "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.644Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.644Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.986Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.986Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:53:24.312Z",
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Judy",
+          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/",
+          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db",
+      "type": "relationship",
+      "created": "2019-08-09T17:59:48.988Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:48.988Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-09-18T13:45:58.872Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be",
+      "created": "2021-02-17T20:43:52.337Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020.",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:30:32.294Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.760Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195",
+      "created": "2019-10-18T14:50:57.473Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "OS security updates typically contain exploit patches when disclosed.",
+      "modified": "2022-03-28T19:20:44.337Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898",
+      "created": "2019-09-04T14:28:16.414Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:41:16.423Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f",
-      "created": "2019-09-03T19:45:48.518Z",
+      "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68",
+      "created": "2020-06-26T14:55:13.311Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "SWB Exodus March 2019",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+          "source_name": "Cybereason EventBot",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:11:03.802Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)",
+      "modified": "2023-04-05T20:25:08.956Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)",
       "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -41273,25 +37500,195 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf",
-      "created": "2019-07-16T14:33:12.144Z",
+      "id": "relationship--35927c96-7645-4ef3-b3da-e44822386a10",
+      "created": "2023-01-18T21:43:10.838Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "Google Triada June 2019",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html"
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:40:27.131Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ",
+      "modified": "2023-03-27T18:47:19.403Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) contains domain generation algorithms to use as backups in case the hardcoded C2 domains are unavailable.(Citation: nccgroup_sharkbot_0322)",
       "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733",
+      "created": "2021-10-01T14:42:49.154Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.524Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.524Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.962Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.747Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.000Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.856Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.248Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--98ae9cb2-1141-48c6-81fd-f16adb430031",
+      "created": "2023-01-18T19:17:07.565Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:07:52.850Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_EXTERNAL_STORAGE` and `WRITE_EXTERNAL_STORAGE` Android permissions.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613",
+      "created": "2020-12-31T18:25:05.160Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:00:13.616Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -41301,66 +37698,278 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69",
+      "created": "2020-04-08T15:51:25.078Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9",
-      "type": "relationship",
-      "created": "2020-09-11T15:58:40.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:58:40.846Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150",
-      "type": "relationship",
-      "created": "2020-05-11T16:37:36.673Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "source_name": "ThreatFabric Ginp",
           "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
         }
       ],
-      "modified": "2020-05-11T16:37:36.673Z",
-      "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.799Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.589Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8",
+      "created": "2023-03-01T22:18:19.004Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:14:48.174Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can send contact lists to its C2 server.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e",
+      "created": "2022-03-30T19:29:07.379Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
+      "modified": "2022-03-30T19:29:07.379Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.319Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.319Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4",
       "type": "relationship",
-      "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438",
+      "created": "2020-09-11T15:57:37.770Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:57:37.770Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2",
+      "created": "2020-09-15T15:18:12.460Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:58:31.945Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e",
+      "type": "relationship",
+      "created": "2019-09-23T13:36:08.386Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-09-23T13:36:08.386Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad",
+      "created": "2022-04-05T19:45:03.117Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:45:03.117Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783",
+      "created": "2023-03-20T18:55:51.580Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:55:51.580Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.484Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.484Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.367Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.367Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
@@ -41374,11 +37983,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T19:53:53.384Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2023-04-05T17:49:19.083Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
       "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -41386,28 +37995,34 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf",
-      "created": "2023-03-16T18:28:28.144Z",
+      "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-16T18:28:28.144Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "modified": "2023-04-05T21:26:35.443Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
+      "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78",
-      "created": "2023-02-28T20:37:59.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3",
+      "created": "2023-02-28T20:31:31.983Z",
       "revoked": false,
       "external_references": [
         {
@@ -41419,52 +38034,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-31T22:08:37.122Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can obfuscated class, string, and method names in newer malware versions.(Citation: proofpoint_flubot_0421)",
+      "modified": "2023-02-28T20:31:31.983Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can intercept SMS messages and USSD messages from Telcom operators.(Citation: proofpoint_flubot_0421)",
       "relationship_type": "uses",
       "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.445Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.445Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108",
-      "created": "2023-03-20T18:57:17.059Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:57:17.059Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -41473,404 +38047,24 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52",
-      "created": "2023-01-19T18:07:52.146Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "trendmicro_tianyspy_0122",
-          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
-          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:19:25.438Z",
-      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can exfiltrate collected user data, including credentials and authorized cookies, via email.(Citation: trendmicro_tianyspy_0122) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
-      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "HackerNews-OldBoot",
-          "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. Retrieved December 21, 2016.",
-          "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc",
-      "created": "2020-09-14T14:13:45.286Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.",
-          "url": "https://blog.lookout.com/esurv-research"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:40:48.237Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.402Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.402Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d",
-      "created": "2017-10-25T14:48:53.746Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TelephonyManager",
-          "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html",
-          "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ",
-      "modified": "2022-03-30T21:04:59.921Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.878Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.878Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164",
-      "type": "relationship",
-      "created": "2020-01-27T17:49:05.664Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:49:05.664Z",
-      "description": "(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
-      "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef",
-      "created": "2020-07-27T14:14:56.993Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca",
-      "created": "2023-03-20T18:58:19.895Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:19.895Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22",
-      "created": "2019-03-11T15:13:40.454Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-Anserver",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/",
-          "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)",
-      "modified": "2022-04-18T19:04:48.388Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.916Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.071Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7",
-      "created": "2023-03-20T15:16:28.177Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:16:28.177Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3",
-      "created": "2023-02-06T19:01:39.599Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:25:11.903Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself contact list access.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76",
-      "created": "2019-10-18T14:50:57.472Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain patches for known exploits.",
-      "modified": "2022-03-25T14:12:54.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--93c20f43-6684-471c-910f-d9577f289677",
+      "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828",
       "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-19T15:47:05.436Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--afc0e8b2-2e85-4640-8517-fb2e16831082",
-      "created": "2023-01-18T19:45:27.807Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+          "source_name": "PaloAlto-SpyDealer",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:56:03.190Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a WebView with a fake log in site to capture banking credentials.(Citation: nccgroup_sharkbot_0322)",
+      "modified": "2023-04-05T20:33:12.082Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7",
-      "created": "2020-07-20T13:27:33.440Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:26:22.984Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
@@ -41881,71 +38075,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50",
+      "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e",
       "type": "relationship",
-      "created": "2019-10-10T15:14:57.378Z",
+      "created": "2019-09-03T20:08:00.757Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
         }
       ],
-      "modified": "2019-10-10T15:14:57.378Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)",
+      "modified": "2019-09-15T15:35:33.380Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)",
       "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f",
-      "created": "2019-12-10T16:07:41.083Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T21:21:03.081Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.218Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.218Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -41953,116 +38098,15 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0",
+      "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0",
       "type": "relationship",
-      "created": "2021-10-01T14:42:48.728Z",
+      "created": "2019-09-15T15:32:17.563Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.728Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--67aa692c-24e4-483e-996e-02ce1e861ec8",
-      "created": "2023-02-28T20:37:29.206Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:09:02.129Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can add display overlays onto banking apps to capture credit card information.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544",
-      "created": "2022-04-05T19:40:25.071Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:40:25.071Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016.",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:03:20.968Z",
-      "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21",
-      "type": "relationship",
-      "created": "2021-01-20T16:01:19.323Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zimperium z9",
-          "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/",
-          "description": "zLabs. (2019, November 12).  How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.323Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "modified": "2020-07-09T14:07:02.315Z",
+      "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -42070,53 +38114,7 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.505Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.505Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.385Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.877Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d",
+      "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a",
       "type": "relationship",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -42127,34 +38125,11 @@
           "source_name": "Kaspersky-Skygofree"
         }
       ],
-      "modified": "2019-08-09T18:08:07.183Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)",
+      "modified": "2019-08-09T18:08:07.145Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)",
       "relationship_type": "uses",
       "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -42163,33 +38138,33 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86",
-      "created": "2022-04-06T13:55:37.498Z",
+      "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943",
+      "created": "2022-04-05T20:11:51.188Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Users should be advised that applications generally do not require permission to send SMS messages.",
-      "modified": "2022-04-06T13:55:37.498Z",
+      "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ",
+      "modified": "2022-04-05T20:11:51.188Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93",
-      "created": "2023-03-20T18:21:59.396Z",
+      "id": "relationship--3be6ad82-722d-4699-8e3a-c1ea60018244",
+      "created": "2023-03-16T13:32:55.140Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:21:59.396Z",
+      "modified": "2023-03-16T13:32:55.140Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42197,92 +38172,18 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c",
       "type": "relationship",
-      "created": "2020-07-27T14:14:56.954Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.777Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912",
-      "type": "relationship",
-      "created": "2020-05-11T16:13:43.062Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-11T16:13:43.062Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.488Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "source_name": "SecureList - ViceLeaker 2019"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "modified": "2020-01-21T14:20:50.474Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2",
-      "created": "2023-03-20T18:50:32.580Z",
+      "id": "relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106",
+      "created": "2023-03-15T16:26:38.465Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:50:32.580Z",
+      "modified": "2023-03-15T16:26:38.465Z",
       "description": "",
       "relationship_type": "detects",
       "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42291,27 +38192,8 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a",
-      "created": "2023-03-20T18:53:35.012Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:53:35.012Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda",
-      "created": "2023-02-06T19:02:00.135Z",
+      "id": "relationship--b309c25a-6baf-4874-829d-63712a38652c",
+      "created": "2023-02-06T19:02:16.194Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -42324,75 +38206,79 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T17:16:28.481Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself microphone permissions.(Citation: lookout_abstractemu_1021)",
+      "modified": "2023-03-27T17:21:41.461Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself camera permissions.(Citation: lookout_abstractemu_1021)",
       "relationship_type": "uses",
       "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.818Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
       "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--c23d9eff-1d4e-479f-a114-acc535540a23",
-      "created": "2023-03-20T18:46:51.895Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:46:51.895Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0",
-      "created": "2017-10-25T14:48:53.741Z",
       "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6",
+      "created": "2022-04-01T14:59:53.782Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.",
-      "modified": "2022-03-30T20:25:46.994Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "description": "Device attestation can often detect jailbroken devices.",
+      "modified": "2022-04-01T14:59:53.782Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a",
+      "created": "2020-12-28T18:47:52.357Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+          "source_name": "Palo Alto HenBox",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:28:46.820Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)",
+      "modified": "2023-04-05T21:22:26.702Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ",
       "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42402,9 +38288,233 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a",
+      "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec",
       "type": "relationship",
-      "created": "2020-12-24T21:55:56.726Z",
+      "created": "2020-05-07T15:33:32.945Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.945Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1",
+      "created": "2020-10-29T17:48:27.272Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-15T16:53:00.735Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.692Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.443Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f",
+      "created": "2020-09-15T15:18:12.465Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:51:12.881Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.093Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.093Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e",
+      "created": "2022-03-30T19:54:59.651Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ",
+      "modified": "2022-03-30T19:54:59.651Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. ",
+      "modified": "2022-03-28T19:20:30.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c",
+      "type": "relationship",
+      "created": "2019-09-15T15:35:33.215Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
+        }
+      ],
+      "modified": "2019-09-15T15:35:33.215Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77",
+      "created": "2022-04-06T15:52:41.579Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:52:41.579Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65",
+      "type": "relationship",
+      "created": "2021-04-19T17:05:42.574Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -42413,50 +38523,27 @@
           "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-12-24T21:55:56.726Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2021-04-19T17:05:42.574Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t",
       "relationship_type": "uses",
       "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
-        }
-      ],
-      "modified": "2019-10-09T14:51:42.827Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--d170a088-b115-4a86-b093-8aa32666a470",
-      "created": "2023-03-15T16:39:55.148Z",
+      "id": "relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5",
+      "created": "2023-03-20T18:50:21.296Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-15T16:39:55.148Z",
+      "modified": "2023-03-20T18:50:21.296Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42467,213 +38554,77 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f",
       "type": "relationship",
-      "created": "2019-08-07T15:57:13.415Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-15T15:36:42.339Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6",
+      "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--12852406-87df-4892-a177-e15e81739000",
-      "created": "2023-03-20T18:50:14.139Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      "external_references": [
+        {
+          "source_name": "Proofpoint-Marcher",
+          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
+          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
+        }
       ],
-      "modified": "2023-03-20T18:50:14.139Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7",
-      "created": "2023-03-20T15:33:34.181Z",
       "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T15:33:34.181Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. [Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--8c656539-aa1e-42db-9016-d38f1daaae16",
-      "created": "2023-01-18T19:20:26.156Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3",
+      "created": "2023-02-06T19:43:43.574Z",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "cyble_drinik_1022",
-          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
-          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-27T18:06:05.822Z",
-      "description": "[Drinik](https://attack.mitre.org/software/S1054) can collect user SMS messages.(Citation: cyble_drinik_1022)",
+      "modified": "2023-02-06T19:43:43.574Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can uninstall itself.(Citation: threatfabric_sova_0921)",
       "relationship_type": "uses",
-      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1",
-      "created": "2020-10-29T17:48:27.175Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T21:18:05.613Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "type": "relationship",
+      "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b",
+      "created": "2022-04-06T13:52:37.470Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be cautioned against granting administrative access to applications.",
+      "modified": "2022-04-06T13:52:37.470Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
       "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a",
-      "created": "2023-03-20T18:39:10.113Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:39:10.113Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1",
-      "created": "2020-12-24T21:45:56.920Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:16:17.615Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.374Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.374Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e",
-      "created": "2023-02-28T20:34:18.504Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "proofpoint_flubot_0421",
-          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
-          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-31T22:12:45.147Z",
-      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use HTTP POST requests on port 80 for communicating with its C2 server.(Citation: proofpoint_flubot_0421)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421",
-      "created": "2020-04-24T15:12:11.217Z",
+      "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699",
+      "created": "2020-04-24T15:06:33.393Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -42686,105 +38637,86 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:04:31.136Z",
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2023-04-05T19:49:04.950Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)",
       "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5",
-      "created": "2023-03-20T15:21:12.492Z",
-      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T15:21:12.492Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
+      "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.381Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.381Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415",
+      "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84",
       "type": "relationship",
-      "created": "2020-11-10T17:08:35.819Z",
+      "created": "2019-07-10T15:35:43.708Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "modified": "2020-11-10T17:08:35.819Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2019-08-09T18:06:11.797Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:37:02.853Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "type": "relationship",
+      "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6",
+      "created": "2021-04-26T15:33:55.905Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CitizenLab Circles",
+          "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/",
+          "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020."
+        }
+      ],
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a",
-      "type": "relationship",
-      "created": "2019-08-09T17:56:05.588Z",
+      "revoked": false,
+      "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.588Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
+      "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -42792,16 +38724,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5",
-      "created": "2022-04-06T15:47:06.163Z",
+      "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2",
+      "created": "2022-04-08T16:29:55.322Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-06T15:47:06.163Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "modified": "2022-04-08T16:29:55.322Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
+      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -42810,9 +38742,1214 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f",
+      "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a",
       "type": "relationship",
-      "created": "2021-10-01T14:42:49.191Z",
+      "created": "2020-09-24T15:34:51.244Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.244Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee",
+      "created": "2019-08-07T15:57:13.443Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:30:47.506Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803",
+      "created": "2023-02-06T19:05:00.862Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:20:37.796Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can obtain a list of installed applications.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8",
+      "created": "2023-02-06T18:59:15.881Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:21:10.915Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device information such as manufacturer, model, version, serial number, and telephone number.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:33:51.882Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10",
+      "created": "2023-03-03T15:36:15.840Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T15:36:15.840Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access device call logs.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.909Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.568Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.078Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.078Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.875Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.875Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86",
+      "created": "2023-03-20T15:16:43.275Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:16:43.275Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.106Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.106Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.553Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.518Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0",
+      "created": "2020-12-31T18:25:05.164Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2022-04-15T15:16:53.317Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184",
+      "created": "2021-02-08T16:36:20.785Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:06:22.576Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81",
+      "created": "2023-03-20T15:45:44.000Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:45:44.000Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.562Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "source_name": "FortiGuard-FlexiSpy"
+        }
+      ],
+      "modified": "2019-10-14T18:08:28.500Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b",
+      "created": "2020-11-24T18:18:33.772Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:24:43.120Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36",
+      "created": "2020-05-07T15:33:32.895Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--22041a01-75e7-4ff6-8768-ad45188c53c7",
+      "created": "2023-02-28T21:45:25.064Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-01T22:03:00.755Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can obtain a list of installed applications.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Gooligan Citation",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e",
+      "created": "2020-07-15T20:20:59.200Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:50:39.124Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39",
+      "created": "2020-06-26T14:55:13.387Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:59:55.854Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2",
+      "created": "2019-09-04T14:28:15.482Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:28:58.447Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083",
+      "created": "2020-01-27T17:05:58.331Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:39:39.589Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527",
+      "created": "2019-09-04T14:28:16.335Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:57:56.616Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.388Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-18T13:44:13.453Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299",
+      "created": "2022-04-01T15:13:40.779Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Trend Micro iOS URL Hijacking",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
+          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
+      "modified": "2022-04-01T15:13:40.779Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.178Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.178Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4",
+      "type": "relationship",
+      "created": "2021-03-25T16:39:40.200Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2021-03-25T16:39:40.200Z",
+      "description": "(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
+      "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.793Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e",
+      "created": "2022-03-30T18:15:03.625Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T18:15:03.625Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11",
+      "created": "2022-09-29T20:08:54.389Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T18:38:37.195Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd",
+      "created": "2021-02-08T16:36:20.707Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:05:01.189Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:13:36.481Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429",
+      "created": "2022-04-01T18:51:28.859Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.",
+      "modified": "2022-04-01T18:51:28.859Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.094Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.783Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304",
+      "type": "relationship",
+      "created": "2019-10-10T15:27:22.091Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-10T15:27:22.091Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d",
+      "created": "2023-02-06T18:52:40.543Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:14:41.449Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can intercept SMS messages containing two factor authentication codes.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Tripwire-MazarBOT",
+          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016.",
+          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:27:47.788Z",
+      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a93ee044-bd5d-48f3-972e-0abab780c35c",
+      "created": "2023-02-08T20:05:06.786Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:21:22.070Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can steal information via malicious JavaScript.(Citation: trendmicro_tianyspy_0122)",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248",
+      "type": "relationship",
+      "created": "2019-07-10T15:25:57.604Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "modified": "2019-08-12T17:30:07.572Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47",
+      "created": "2023-03-20T15:20:11.652Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:20:11.652Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109",
+      "type": "relationship",
+      "created": "2020-05-07T15:33:32.928Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.928Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BankInfoSecurity-BackDoor",
+          "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534",
+          "description": "Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017."
+        },
+        {
+          "source_name": "NYTimes-BackDoor",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Adups](https://attack.mitre.org/software/S0309) was pre-installed on Android devices from some vendors.(Citation: NYTimes-BackDoor)(Citation: BankInfoSecurity-BackDoor)",
+      "modified": "2022-04-19T15:46:20.166Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747",
+      "created": "2022-03-30T19:51:56.543Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:51:56.543Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--dc7ef843-a073-4e23-b717-c505d4863b02",
+      "created": "2023-03-20T18:53:58.856Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:53:58.856Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420",
+      "type": "relationship",
+      "created": "2021-01-20T16:01:19.409Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.409Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-Xbot",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/",
+          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.740Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -42821,27 +39958,352 @@
           "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
         }
       ],
-      "modified": "2021-10-01T14:42:49.191Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)",
+      "modified": "2021-10-12T13:51:41.045Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)",
       "relationship_type": "uses",
       "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.994Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.171Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694",
+      "type": "relationship",
+      "created": "2019-11-19T17:32:20.701Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-12-26T16:14:33.468Z",
+      "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--27490b14-8044-408a-8c6a-6d8427eb78ff",
-      "created": "2023-03-20T18:44:26.233Z",
+      "id": "relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48",
+      "created": "2023-03-16T18:37:55.715Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:44:26.233Z",
+      "modified": "2023-03-16T18:37:55.715Z",
       "description": "",
       "relationship_type": "detects",
       "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15",
+      "type": "relationship",
+      "created": "2021-09-24T14:47:34.447Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-04T20:08:48.439Z",
+      "description": "Device attestation can often detect rooted devices.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af",
+      "created": "2020-12-14T14:52:03.322Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:52:58.974Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.566Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.566Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.979Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T14:29:46.650Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51",
+      "created": "2020-12-14T14:52:03.359Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:12:27.624Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea",
+      "created": "2023-02-06T19:45:58.793Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-11T22:08:45.192Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use the open-source project RetroFit for C2 communication.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8a255d63-a770-4b9d-911c-bd906733ceef",
+      "created": "2023-01-18T19:24:36.689Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:05:42.846Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) has C2 commands that can move the malware in and out of the foreground. (Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f",
+      "created": "2021-01-20T16:01:19.488Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Anubis",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021.",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:17:07.374Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data  to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd",
+      "created": "2021-01-05T20:16:20.488Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.546Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.537Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57",
+      "created": "2020-11-24T17:55:12.826Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:22:41.797Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9b56528f-cf04-4d81-80ee-7bacb862383a",
+      "created": "2023-03-20T18:57:33.693Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:57:33.693Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42850,8 +40312,166 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b",
-      "created": "2020-12-24T21:55:56.743Z",
+      "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a",
+      "created": "2019-07-16T14:33:12.175Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky Triada March 2016",
+          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.",
+          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:25:35.330Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b",
+      "created": "2020-04-08T15:51:25.128Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:29:36.827Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "PaloAlto-Xbot",
+          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:28:32.568Z",
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)",
+      "relationship_type": "uses",
+      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2",
+      "created": "2023-03-20T18:53:15.929Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:53:15.929Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4",
+      "created": "2022-03-28T19:30:27.364Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.",
+      "modified": "2022-03-28T19:30:27.364Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046",
+      "created": "2022-04-05T17:14:35.469Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:35.469Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.613Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.613Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564",
+      "created": "2020-11-10T17:08:35.771Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -42864,11 +40484,82 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:36:12.585Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2023-04-05T17:00:11.412Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d",
+      "created": "2023-03-16T18:28:40.419Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:28:40.419Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc",
+      "created": "2021-10-01T14:42:49.174Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:26:41.762Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2",
+      "created": "2020-07-15T20:20:59.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:29:29.307Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -42878,10 +40569,33 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6",
       "type": "relationship",
-      "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb",
-      "created": "2020-11-10T17:08:35.846Z",
+      "created": "2019-09-03T19:45:48.508Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.114Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.015Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "Lookout Uyghur Campaign",
@@ -42889,17 +40603,312 @@
           "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
+      "modified": "2020-12-24T22:04:28.015Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de",
+      "type": "relationship",
+      "created": "2019-10-14T20:49:24.571Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-10-14T20:49:24.571Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2",
+      "created": "2020-07-27T14:14:57.020Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:52:46.975Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03",
+      "created": "2020-12-24T21:45:56.962Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:14:46.472Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a",
+      "type": "relationship",
+      "created": "2019-08-09T17:53:48.716Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.716Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c",
+      "created": "2023-03-20T18:51:29.814Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:29.814Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7",
+      "created": "2023-03-20T18:57:42.922Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:57:42.922Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622",
+      "created": "2020-07-15T20:20:59.280Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:45:27.443Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.274Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.274Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c",
+      "created": "2017-10-25T14:48:53.747Z",
+      "x_mitre_version": "1.0",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges.  ",
+      "modified": "2022-03-30T20:32:46.334Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
+      "created": "2017-10-25T14:48:53.742Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
+      "modified": "2022-04-01T15:34:50.556Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea",
+      "created": "2022-04-06T13:40:14.515Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 10 Privacy Changes",
+          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
+          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)",
+      "modified": "2022-04-06T13:40:14.515Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.394Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.394Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd",
+      "created": "2019-08-07T15:57:13.409Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:01:31.230Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -42936,164 +40945,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "type": "relationship",
-      "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659",
-      "created": "2020-12-24T21:45:56.967Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:15:22.472Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d",
-      "created": "2019-09-23T13:36:08.451Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0",
-      "created": "2022-03-30T19:52:05.143Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:52:05.143Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.683Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416",
-      "created": "2023-03-20T18:52:56.247Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:52:56.247Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d",
-      "created": "2019-09-03T20:08:00.708Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T16:55:56.825Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f",
-      "created": "2023-03-20T18:43:14.051Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:43:14.051Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "type": "relationship",
       "id": "relationship--8ff45341-60d6-40d3-bb38-566814a466f9",
@@ -43120,6 +40971,448 @@
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Obad",
+          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4",
+      "created": "2022-04-05T19:38:41.538Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
+      "modified": "2022-04-05T19:38:41.538Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c",
+      "created": "2020-11-24T17:55:12.883Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:23:49.569Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c",
+      "created": "2023-03-03T16:24:30.564Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:24:30.564Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hijacked normal application’s launch routines to display ads.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.885Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.885Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c",
+      "created": "2022-04-01T18:48:03.156Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:48:03.156Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc",
+      "created": "2022-03-30T19:36:20.304Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
+      "modified": "2022-03-30T19:36:20.304Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "modified": "2020-07-20T13:49:03.687Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--27490b14-8044-408a-8c6a-6d8427eb78ff",
+      "created": "2023-03-20T18:44:26.233Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:44:26.233Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2",
+      "created": "2020-04-24T17:46:31.589Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:00:28.299Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d",
+      "created": "2019-09-03T19:45:48.487Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:08:39.524Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7",
+      "type": "relationship",
+      "created": "2019-10-15T19:33:42.204Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
+        }
+      ],
+      "modified": "2019-10-15T19:33:42.204Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.488Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.704Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-DualToy",
+          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.405Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-28T18:47:52.600Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f",
+      "created": "2020-09-11T14:54:16.642Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:21:19.617Z",
+      "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.897Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.897Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e",
+      "created": "2020-01-27T17:05:58.335Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:28:07.442Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890",
+      "created": "2023-01-18T19:09:40.955Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:58:45.439Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can record the screen via the `MediaProjection` library to harvest user credentials, including biometric PINs.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "type": "relationship",
       "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0",
@@ -43150,16 +41443,62 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080",
       "type": "relationship",
-      "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c",
-      "created": "2022-04-01T18:48:03.156Z",
+      "created": "2020-12-17T20:15:22.498Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.498Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2",
+      "type": "relationship",
+      "created": "2020-09-11T15:53:38.453Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "modified": "2020-09-11T15:53:38.453Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327",
+      "created": "2022-04-01T18:53:48.715Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-01T18:48:03.156Z",
+      "modified": "2022-04-01T18:53:48.715Z",
       "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
       "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -43169,195 +41508,213 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0",
       "type": "relationship",
-      "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85",
-      "created": "2022-04-01T13:13:10.587Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ",
-      "modified": "2022-04-01T13:13:10.587Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2020-12-14T14:52:03.396Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c",
-      "created": "2020-11-24T17:55:12.883Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
-          "source_name": "Talos GPlayed",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:23:49.569Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)",
+      "modified": "2020-12-16T20:52:21.426Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)",
       "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71",
-      "created": "2022-03-30T20:53:54.296Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:53:54.296Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1",
-      "created": "2020-07-15T20:20:59.227Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:33:57.748Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859",
-      "type": "relationship",
-      "created": "2020-09-24T15:34:51.276Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "modified": "2020-09-24T15:34:51.276Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8",
-      "created": "2022-03-30T18:06:21.355Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Symantec-iOSProfile2",
-          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
-          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
-        },
-        {
-          "source_name": "Android-TrustedCA",
-          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
-          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
-      "modified": "2022-03-30T18:06:21.355Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.383Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.383Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817",
-      "created": "2019-09-20T18:03:57.062Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android 10 Execute",
-          "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission",
-          "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. (Citation: Android 10 Execute)",
-      "modified": "2022-04-01T18:37:44.516Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
       "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:43:54.975Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.582Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.582Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "type": "relationship",
+      "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421",
+      "created": "2020-04-24T15:12:11.217Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:04:31.136Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd",
+      "created": "2023-03-20T18:51:58.152Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:51:58.152Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.567Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.567Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb",
+      "created": "2020-12-14T14:52:03.184Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5",
+      "created": "2023-03-20T15:21:12.492Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:21:12.492Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "type": "relationship",
       "id": "relationship--322d0123-ea4c-4562-a718-672952c83d05",
@@ -43381,115 +41738,17 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a",
       "type": "relationship",
-      "created": "2020-11-24T17:55:12.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.846Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0",
-      "created": "2020-10-29T17:48:27.394Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T20:30:18.307Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.282Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.282Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2",
-      "created": "2023-01-18T21:24:28.714Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "nccgroup_sharkbot_0322",
-          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
-          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T18:55:39.648Z",
-      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a Domain Generation Algorithm to decode the C2 server location.(Citation: nccgroup_sharkbot_0322) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1284f6fe-d352-415c-9479-82141524380a",
-      "created": "2022-03-30T18:06:48.250Z",
+      "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a",
+      "created": "2022-03-30T19:54:43.835Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
-      "modified": "2022-03-30T18:06:48.250Z",
+      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
+      "modified": "2022-03-30T19:54:43.835Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -43498,387 +41757,105 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369",
       "type": "relationship",
-      "created": "2019-12-10T16:07:41.066Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2019-12-10T16:07:41.066Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9",
-      "created": "2019-07-16T14:33:12.113Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Krebs-Triada June 2019",
-          "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/",
-          "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019."
-        },
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
+      "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47",
+      "created": "2022-04-01T17:08:41.293Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)",
-      "modified": "2022-04-19T15:47:32.152Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
+      "modified": "2022-04-01T17:08:41.293Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac",
       "type": "relationship",
-      "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
       "external_references": [
         {
-          "source_name": "ArsTechnica-HummingBad",
-          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
-          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
         }
       ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-21T18:51:23.251Z",
-      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store, and has generated revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)",
+      "modified": "2019-08-09T17:52:31.748Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)",
       "relationship_type": "uses",
-      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c",
-      "created": "2019-11-21T19:16:34.820Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9",
-      "created": "2022-03-28T19:25:49.640Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Ensure Verified Boot is enabled on devices with that capability.",
-      "modified": "2022-03-28T19:25:49.640Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847",
-      "created": "2022-04-06T13:30:03.526Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.",
-      "modified": "2022-04-06T13:30:03.527Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2793d721-df10-4621-8387-f3342def59a1",
-      "created": "2022-03-30T18:14:36.786Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
-      "modified": "2022-03-30T18:14:36.786Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8",
-      "created": "2020-06-02T14:32:31.903Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-04-05T17:40:06.957Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331",
-      "created": "2022-03-30T15:08:13.679Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android-VerifiedBoot",
-          "url": "https://source.android.com/security/verifiedboot/",
-          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
-      "modified": "2022-03-30T15:08:13.679Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea",
-      "created": "2022-04-06T13:40:14.515Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 10 Privacy Changes",
-          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
-          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)",
-      "modified": "2022-04-06T13:40:14.515Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3b24a287-36e1-49b9-811d-c0080147ff57",
-      "created": "2023-03-20T18:41:47.754Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:41:47.754Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f",
-      "created": "2022-03-30T20:07:33.291Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:07:33.291Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0",
-      "created": "2022-04-05T19:49:06.417Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-05T19:49:06.417Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd",
-      "created": "2021-01-05T20:16:20.488Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.450Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
       "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T20:02:40.717Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_deprecated": false,
+      "type": "relationship",
+      "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134",
+      "created": "2020-05-04T14:04:56.158Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.713Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.713Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07",
-      "created": "2023-03-20T18:54:25.458Z",
+      "id": "relationship--d63de13b-0253-42f4-b13d-34bccf76ad94",
+      "created": "2023-03-20T18:54:50.323Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-20T18:54:25.458Z",
+      "modified": "2023-03-20T18:54:50.323Z",
       "description": "",
       "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
       "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
@@ -43890,392 +41867,25 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341",
       "type": "relationship",
-      "created": "2019-07-16T14:33:12.085Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "modified": "2020-04-27T16:52:49.480Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--7965128c-89d6-411e-b765-c60e0cae96c6",
-      "created": "2023-02-06T19:40:36.807Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:36:23.084Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can manipulate clipboard data to replace cryptocurrency addresses.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf",
-      "created": "2023-02-06T18:59:46.976Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:12:28.993Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device IP address and SIM information.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2",
-      "created": "2022-03-30T19:12:31.481Z",
+      "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d",
+      "created": "2022-03-30T20:13:40.625Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:12:31.481Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.308Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.308Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3",
-      "type": "relationship",
-      "created": "2021-04-19T14:29:46.530Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T14:29:46.530Z",
-      "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383",
-      "created": "2022-04-05T20:17:46.149Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:17:46.149Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.307Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.307Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.496Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-14T16:47:53.226Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--cc345ae4-0d60-4f21-98b3-596c15118745",
-      "created": "2023-02-06T19:42:46.814Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "threatfabric_sova_0921",
-          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
-          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-29T21:38:03.367Z",
-      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can send SMS messages.(Citation: threatfabric_sova_0921)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737",
-      "created": "2022-04-18T16:53:24.617Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. [RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ",
-      "modified": "2022-04-20T16:33:23.507Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb",
-      "created": "2023-03-20T18:58:14.140Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-20T18:58:14.140Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.778Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.778Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d",
-      "created": "2023-02-06T19:01:08.265Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "lookout_abstractemu_1021",
-          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
-          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-27T17:07:32.636Z",
-      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has encoded files, such as exploit binaries, to potentially use during and after the rooting process.(Citation: lookout_abstractemu_1021)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d",
-      "created": "2023-03-16T18:28:40.419Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2023-03-16T18:28:40.419Z",
-      "description": "",
-      "relationship_type": "detects",
-      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80",
-      "created": "2022-03-31T19:51:41.431Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
-      "modified": "2022-03-31T19:51:41.431Z",
+      "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.",
+      "modified": "2022-03-30T20:13:40.625Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf",
-          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
-          "source_name": "CrowdStrike-Android"
-        }
-      ],
-      "modified": "2020-03-20T16:37:06.668Z",
-      "description": "(Citation: CrowdStrike-Android)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
-      "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--3841024e-1047-40fa-9e25-ac6d5c14612a",
-      "created": "2023-02-28T21:41:22.768Z",
+      "id": "relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3",
+      "created": "2023-02-28T21:44:45.063Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -44288,11 +41898,312 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-03-29T21:25:52.302Z",
-      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view device contacts.(Citation: cloudmark_tanglebot_0921)",
+      "modified": "2023-03-29T21:26:33.166Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can use overlays to cover legitimate applications or screens.(Citation: cloudmark_tanglebot_0921)",
       "relationship_type": "uses",
       "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ArsTechnica-HummingWhale",
+          "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/",
+          "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Tripwire-MazarBOT",
+          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
+          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86",
+      "created": "2022-04-06T13:55:37.498Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised that applications generally do not require permission to send SMS messages.",
+      "modified": "2022-04-06T13:55:37.498Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d",
+      "created": "2019-07-10T15:35:43.658Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:57:40.371Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "modified": "2019-10-10T15:27:22.174Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80",
+      "created": "2022-03-30T19:33:05.375Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.",
+      "modified": "2022-03-30T19:33:05.375Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164",
+      "type": "relationship",
+      "created": "2020-01-27T17:49:05.664Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:49:05.664Z",
+      "description": "(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
+      "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0ae94053-1963-45ba-a3a9-62e508281c8e",
+      "created": "2023-01-19T18:06:36.986Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "trendmicro_tianyspy_0122",
+          "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.",
+          "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-29T21:21:58.318Z",
+      "description": "[TianySpy](https://attack.mitre.org/software/S1056) can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.(Citation: trendmicro_tianyspy_0122) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.425Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.425Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912",
+      "type": "relationship",
+      "created": "2020-05-11T16:13:43.062Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-11T16:13:43.062Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Adware",
+          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:26:05.199Z",
+      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab",
+      "created": "2023-01-18T19:16:15.534Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:54:10.458Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can use keylogging to steal user banking credentials.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -44300,25 +42211,216 @@
     },
     {
       "type": "relationship",
-      "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8",
-      "created": "2019-09-04T15:38:56.721Z",
+      "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7",
+      "created": "2020-07-20T13:27:33.440Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
-          "source_name": "FortiGuard-FlexiSpy",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+          "source_name": "Talos-WolfRAT",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020.",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2023-04-05T17:48:43.225Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)",
+      "modified": "2023-04-05T20:26:22.984Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df",
+      "created": "2020-12-14T14:52:03.351Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:42:46.952Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--67aa692c-24e4-483e-996e-02ce1e861ec8",
+      "created": "2023-02-28T20:37:29.206Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:09:02.129Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can add display overlays onto banking apps to capture credit card information.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--592331d2-60a7-4264-b844-fbeb89b6386c",
+      "created": "2023-03-20T18:58:56.942Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:58:56.942Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca",
+      "created": "2022-04-06T13:22:57.754Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:22:57.754Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.305Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.305Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d",
+      "created": "2017-10-25T14:48:53.746Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TelephonyManager",
+          "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html",
+          "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ",
+      "modified": "2022-03-30T21:04:59.921Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:53:53.384Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193",
+      "created": "2021-10-01T14:42:49.152Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:26:18.801Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_deprecated": false,
       "x_mitre_version": "1.0",
       "x_mitre_attack_spec_version": "3.1.0",
@@ -44328,34 +42430,1914 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95",
       "type": "relationship",
-      "created": "2019-10-18T15:51:48.525Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2019-10-18T15:51:48.525Z",
-      "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.",
+      "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3",
+      "created": "2022-04-05T19:38:18.760Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should protect their account credentials and enable multi-factor authentication options when available. ",
+      "modified": "2022-04-05T19:38:18.760Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864",
+      "type": "relationship",
+      "created": "2020-06-26T15:12:40.077Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:12:40.077Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "modified": "2022-10-20T20:22:45.613Z",
-      "name": "Host Status",
-      "description": "Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)",
-      "x_mitre_data_source_ref": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159",
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb",
+      "created": "2022-04-06T15:41:03.981Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
-      "x_mitre_version": "1.1",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
-      "created": "2021-10-20T15:05:19.272Z",
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:41:03.981Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6846dc09-b66a-42d3-aea2-c80b51f22952",
+      "created": "2023-02-28T21:42:31.008Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:42:31.008Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record audio using the device microphone.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1",
+      "created": "2021-10-01T14:42:49.176Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-15T17:33:49.565Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7",
+      "created": "2023-03-15T16:26:04.949Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "modified": "2023-03-15T16:26:04.949Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e",
+      "created": "2022-03-30T13:45:39.184Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T13:45:39.184Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-WireLurker",
+          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)",
+      "relationship_type": "uses",
+      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.371Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T21:00:05.246Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775",
+      "created": "2022-04-05T20:15:43.660Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:15:43.660Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd",
+      "created": "2020-12-24T21:41:37.047Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-18T16:04:02.127Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.634Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.634Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.515Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.216Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-15T19:47:48.036Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef",
+      "created": "2022-03-30T20:41:43.314Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
+      "modified": "2022-03-30T20:41:43.314Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.992Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:27.992Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de",
+      "created": "2023-01-18T19:16:45.773Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:07:34.581Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) has used custom encryption to hide strings, potentially to evade antivirus products.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57",
+      "created": "2023-03-20T18:43:49.345Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:49.345Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e",
+      "created": "2022-04-05T17:03:34.941Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:03:34.941Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1",
+      "type": "relationship",
+      "created": "2020-07-20T13:49:03.693Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.242Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.982Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.982Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63",
+      "type": "relationship",
+      "created": "2020-05-07T15:24:49.530Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-05-27T13:23:34.536Z",
+      "description": "Security updates frequently contain patches to vulnerabilities.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9",
+      "created": "2021-01-05T20:16:20.500Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:27:33.948Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c",
+      "created": "2021-01-05T20:16:20.508Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:40:43.898Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.255Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.255Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.321Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:50:02.057Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e",
+      "created": "2022-03-30T20:45:34.433Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Package Visibility",
+          "url": "https://developer.android.com/training/package-visibility",
+          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
+      "modified": "2022-04-11T19:19:52.562Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:38:39.008Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549",
+      "created": "2023-03-20T18:24:56.396Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:24:56.396Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--bde9304b-4421-4185-a2c6-dabe1c080587",
+      "created": "2023-03-16T18:31:48.708Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-16T18:31:48.708Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b",
+      "created": "2023-03-20T18:59:46.622Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:59:46.622Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:34:08.372Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.471Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-10-14T17:51:37.979Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--75989cf6-c023-4ed3-9d23-a83f55690186",
+      "created": "2023-02-28T21:43:36.886Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:43:36.886Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can read incoming text messages.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.316Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.316Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d",
+      "type": "relationship",
+      "created": "2021-09-20T13:54:19.957Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:54:19.957Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f",
+      "created": "2023-03-20T15:56:34.418Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T15:56:34.418Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7",
+      "created": "2020-11-24T17:55:12.889Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:22:27.554Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9",
+      "created": "2020-09-15T15:18:12.419Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:56:18.859Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c",
+      "created": "2020-12-24T21:55:56.693Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:27:39.012Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--e457921c-4a0b-4d6e-92e7-553929ddf943",
+      "created": "2023-02-06T18:51:14.919Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "lookout_abstractemu_1021",
+          "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.",
+          "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:23:48.120Z",
+      "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can download and install additional malware after initial infection.(Citation: lookout_abstractemu_1021)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55",
+      "created": "2023-03-03T16:23:56.031Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:23:56.031Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected the device UUID.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e",
+      "created": "2020-10-29T17:48:27.380Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T19:54:30.569Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.125Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.125Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--13aba849-5004-4457-9f3b-49e470b589e0",
+      "created": "2023-03-20T18:43:44.617Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:43:44.617Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:38:56.380Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438",
+      "created": "2022-03-30T20:07:19.296Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:07:19.296Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--93b6bf37-5614-4317-8ed7-42f098152c40",
+      "created": "2023-02-28T20:39:18.320Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "proofpoint_flubot_0421",
+          "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+          "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-31T22:10:38.672Z",
+      "description": "[FluBot](https://attack.mitre.org/software/S1067) can use a SOCKS proxy to evade C2 IP detection.(Citation: proofpoint_flubot_0421)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+      "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.603Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.603Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3",
+      "created": "2020-09-15T15:18:12.462Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:42:40.327Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.644Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.644Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.381Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-28T18:59:33.140Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016",
+      "created": "2022-04-15T18:12:53.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Xiao-KeyRaider",
+          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:28:29.839Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f0851531-e554-4658-920c-f2342632c19a",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Adware",
+          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T21:25:52.381Z",
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb",
+      "type": "relationship",
+      "created": "2020-10-29T19:21:23.162Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T19:21:23.162Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b",
+      "created": "2021-01-05T20:16:20.490Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T20:38:01.842Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.746Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-01T19:48:44.878Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d",
+      "created": "2023-02-28T21:43:12.487Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cloudmark_tanglebot_0921",
+          "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.",
+          "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-28T21:43:12.487Z",
+      "description": "[TangleBot](https://attack.mitre.org/software/S1069) can make and block phone calls.(Citation: cloudmark_tanglebot_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7",
+      "created": "2023-01-18T19:19:34.604Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "cyble_drinik_1022",
+          "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+          "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T17:52:35.805Z",
+      "description": "[Drinik](https://attack.mitre.org/software/S1054) can send stolen data back to the C2 server.(Citation: cyble_drinik_1022)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb",
+      "created": "2020-05-07T15:33:32.936Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)",
+      "modified": "2022-04-15T16:44:17.145Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31",
+      "created": "2022-04-06T13:41:17.517Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:41:17.517Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
+      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.355Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d",
+      "created": "2022-03-28T19:39:42.538Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-28T19:39:42.538Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b",
+      "created": "2021-01-05T20:16:20.492Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:47:18.774Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5",
+      "created": "2023-03-03T16:26:20.400Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "paloalto_yispecter_1015",
+          "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+          "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-03T16:26:20.400Z",
+      "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about running processes.(Citation: paloalto_yispecter_1015)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb",
+      "created": "2022-04-05T19:46:05.853Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Samsung Keyboards",
+          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
+          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)",
+      "modified": "2022-04-05T19:46:05.853Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45",
+      "created": "2023-02-06T19:47:26.528Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-06T19:47:26.528Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has been distributed in obfuscated and packed form.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.050Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.050Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396",
+      "created": "2023-03-20T18:40:12.814Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:40:12.814Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.688Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.688Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd",
+      "created": "2022-04-01T18:50:00.027Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:50:00.027Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:36:27.983Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126",
+      "created": "2019-09-03T19:45:48.517Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:09:45.426Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408",
+      "created": "2020-06-26T14:55:13.349Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-18T15:57:14.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6",
+      "created": "2019-07-10T15:35:43.665Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-04-05T17:38:00.609Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33",
+      "type": "relationship",
+      "created": "2020-09-11T15:45:38.450Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:45:38.450Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--0291c9d5-8977-420d-8374-b786e3095a73",
+      "created": "2023-03-20T18:49:53.204Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-20T18:49:53.204Z",
+      "description": "",
+      "relationship_type": "detects",
+      "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364",
+      "created": "2023-02-06T19:46:19.592Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "threatfabric_sova_0921",
+          "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+          "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-02-06T19:46:19.592Z",
+      "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has C2 commands to add an infected device to a DDoS pool.(Citation: threatfabric_sova_0921)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+      "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c",
+      "created": "2023-01-18T21:38:58.113Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "nccgroup_sharkbot_0322",
+          "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.",
+          "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2023-03-27T18:49:16.069Z",
+      "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use input injection via Accessibility Services to simulate user touch inputs, prevent applications from opening, change device settings, and bypass MFA protections.(Citation: nccgroup_sharkbot_0322)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -44379,27 +44361,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "modified": "2023-03-13T20:47:52.557Z",
-      "name": "System Notifications",
-      "description": "Notifications generated by the OS",
-      "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8",
-      "x_mitre_deprecated": false,
-      "x_mitre_domains": [
-        "mobile-attack"
-      ],
-      "x_mitre_version": "1.0",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
-      "created": "2023-03-13T20:47:52.557Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "modified": "2023-03-13T20:48:14.540Z",
       "name": "System Settings",
@@ -44421,27 +44382,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "modified": "2023-03-13T20:00:08.487Z",
-      "name": "Permissions Requests",
-      "description": "Permissions declared in an application's manifest or property list file",
-      "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
-      "x_mitre_deprecated": false,
-      "x_mitre_domains": [
-        "mobile-attack"
-      ],
-      "x_mitre_version": "1.0",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
-      "created": "2023-03-13T20:00:08.487Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "aliases": [
         "Windshift",
@@ -44491,9 +44431,80 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "modified": "2023-03-13T19:59:42.141Z",
-      "name": "Network Communication",
-      "description": "Network requests made by an application or domains contacted",
+      "aliases": [
+        "Dark Caracal"
+      ],
+      "x_mitre_domains": [
+        "enterprise-attack",
+        "mobile-attack"
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "type": "intrusion-set",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/groups/G0070",
+          "external_id": "G0070"
+        },
+        {
+          "source_name": "Dark Caracal",
+          "description": "(Citation: Lookout Dark Caracal Jan 2018)"
+        },
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2021-10-11T19:08:18.503Z",
+      "name": "Dark Caracal",
+      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)",
+      "x_mitre_version": "1.3",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
+      "type": "x-mitre-data-component",
+      "created": "2021-10-20T15:05:19.272Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-20T15:05:19.272Z",
+      "name": "Process Metadata",
+      "description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.",
+      "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22",
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2022-10-20T20:22:45.613Z",
+      "name": "Host Status",
+      "description": "Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)",
+      "x_mitre_data_source_ref": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.1",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+      "created": "2021-10-20T15:05:19.272Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2023-03-13T20:00:08.487Z",
+      "name": "Permissions Requests",
+      "description": "Permissions declared in an application's manifest or property list file",
       "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
       "x_mitre_deprecated": false,
       "x_mitre_domains": [
@@ -44501,29 +44512,8 @@
       ],
       "x_mitre_version": "1.0",
       "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
-      "created": "2023-03-13T19:59:42.141Z",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "3.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "modified": "2023-03-13T20:47:24.038Z",
-      "name": "Permissions Request",
-      "description": "System prompts triggered when an application requests new or additional permissions",
-      "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8",
-      "x_mitre_deprecated": false,
-      "x_mitre_domains": [
-        "mobile-attack"
-      ],
-      "x_mitre_version": "1.0",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
-      "created": "2023-03-13T20:47:24.038Z",
+      "id": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+      "created": "2023-03-13T20:00:08.487Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -44578,6 +44568,61 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
+      "type": "x-mitre-data-component",
+      "created": "2021-10-20T15:05:19.274Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-20T15:05:19.274Z",
+      "name": "Network Traffic Flow",
+      "description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)",
+      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2022-10-20T20:18:06.745Z",
+      "name": "Network Connection Creation",
+      "description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)",
+      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.1",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+      "created": "2021-10-20T15:05:19.274Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2023-03-13T20:47:52.557Z",
+      "name": "System Notifications",
+      "description": "Notifications generated by the OS",
+      "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8",
+      "x_mitre_deprecated": false,
+      "x_mitre_domains": [
+        "mobile-attack"
+      ],
+      "x_mitre_version": "1.0",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+      "created": "2023-03-13T20:47:52.557Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "modified": "2022-09-30T21:05:22.490Z",
       "name": "Operation Dust Storm",
@@ -44619,40 +44664,24 @@
       ]
     },
     {
-      "aliases": [
-        "Dark Caracal"
-      ],
+      "modified": "2023-03-13T19:59:42.141Z",
+      "name": "Network Communication",
+      "description": "Network requests made by an application or domains contacted",
+      "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
+      "x_mitre_deprecated": false,
       "x_mitre_domains": [
-        "enterprise-attack",
         "mobile-attack"
       ],
+      "x_mitre_version": "1.0",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+      "created": "2023-03-13T19:59:42.141Z",
+      "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "type": "intrusion-set",
-      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_attack_spec_version": "3.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0070",
-          "external_id": "G0070"
-        },
-        {
-          "source_name": "Dark Caracal",
-          "description": "(Citation: Lookout Dark Caracal Jan 2018)"
-        },
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2021-10-11T19:08:18.503Z",
-      "name": "Dark Caracal",
-      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)",
-      "x_mitre_version": "1.3",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -44672,234 +44701,18 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "modified": "2022-10-20T20:18:06.745Z",
-      "name": "Network Connection Creation",
-      "description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)",
-      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.1",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
-      "created": "2021-10-20T15:05:19.274Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
-      "type": "x-mitre-data-component",
-      "created": "2021-10-20T15:05:19.272Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-20T15:05:19.272Z",
-      "name": "Process Metadata",
-      "description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.",
-      "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22",
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
-      "type": "x-mitre-data-component",
-      "created": "2021-10-20T15:05:19.274Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-20T15:05:19.274Z",
-      "name": "Network Traffic Flow",
-      "description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)",
-      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "aliases": [
-        "Bouncing Golf"
-      ],
-      "x_mitre_domains": [
-        "mobile-attack"
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
-      "type": "intrusion-set",
-      "created": "2020-01-27T16:55:39.688Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "external_id": "G0097",
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0097"
-        },
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "modified": "2020-03-26T20:58:44.722Z",
-      "name": "Bouncing Golf",
-      "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "modified": "2023-03-08T22:12:31.238Z",
-      "name": "Sandworm Team",
-      "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
-      "aliases": [
-        "Sandworm Team",
-        "ELECTRUM",
-        "Telebots",
-        "IRON VIKING",
-        "BlackEnergy (Group)",
-        "Quedagh",
-        "Voodoo Bear",
-        "IRIDIUM"
-      ],
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "3.0",
-      "x_mitre_contributors": [
-        "Dragos Threat Intelligence"
-      ],
-      "type": "intrusion-set",
-      "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
-      "created": "2017-05-31T21:32:04.588Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0034",
-          "external_id": "G0034"
-        },
-        {
-          "source_name": "Voodoo Bear",
-          "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "ELECTRUM",
-          "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Sandworm Team",
-          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Quedagh",
-          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "IRIDIUM",
-          "description": "(Citation: Microsoft Prestige ransomware October 2022)"
-        },
-        {
-          "source_name": "BlackEnergy (Group)",
-          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Telebots",
-          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "IRON VIKING",
-          "description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "US District Court Indictment GRU Oct 2018",
-          "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.",
-          "url": "https://www.justice.gov/opa/page/file/1098481/download"
-        },
-        {
-          "source_name": "Dragos ELECTRUM",
-          "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
-          "url": "https://www.dragos.com/resource/electrum/"
-        },
-        {
-          "source_name": "F-Secure BlackEnergy 2014",
-          "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
-          "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
-        },
-        {
-          "source_name": "iSIGHT Sandworm 2014",
-          "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
-        },
-        {
-          "source_name": "CrowdStrike VOODOO BEAR",
-          "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
-          "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
-        },
-        {
-          "source_name": "Microsoft Prestige ransomware October 2022",
-          "description": "MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.",
-          "url": "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/"
-        },
-        {
-          "source_name": "InfoSecurity Sandworm Oct 2014",
-          "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.",
-          "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
-        },
-        {
-          "source_name": "NCSC Sandworm Feb 2020",
-          "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
-          "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
-        },
-        {
-          "source_name": "USDOJ Sandworm Feb 2020",
-          "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
-          "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
-        },
-        {
-          "source_name": "US District Court Indictment GRU Unit 74455 October 2020",
-          "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.",
-          "url": "https://www.justice.gov/opa/press-release/file/1328521/download"
-        },
-        {
-          "source_name": "Secureworks IRON VIKING ",
-          "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
-          "url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
-        },
-        {
-          "source_name": "UK NCSC Olympic Attacks October 2020",
-          "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.",
-          "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_domains": [
-        "enterprise-attack",
-        "ics-attack",
-        "mobile-attack"
-      ],
-      "x_mitre_attack_spec_version": "3.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "modified": "2023-03-13T20:00:38.029Z",
-      "name": "Protected Configuration",
-      "description": "Device configuration options that are not typically utilized by benign applications",
-      "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
+      "modified": "2023-03-13T20:47:24.038Z",
+      "name": "Permissions Request",
+      "description": "System prompts triggered when an application requests new or additional permissions",
+      "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8",
       "x_mitre_deprecated": false,
       "x_mitre_domains": [
         "mobile-attack"
       ],
       "x_mitre_version": "1.0",
       "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
-      "created": "2023-03-13T20:00:38.029Z",
+      "id": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+      "created": "2023-03-13T20:47:24.038Z",
       "revoked": false,
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -44908,58 +44721,6 @@
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "modified": "2022-10-07T16:15:56.932Z",
-      "name": "Process Creation",
-      "description": "The initial construction of an executable managed by the OS, that may involve one or more tasks or threads. (e.g. Win EID 4688, Sysmon EID 1, cmd.exe > net use, etc.)",
-      "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.1",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
-      "created": "2021-10-20T15:05:19.272Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
-      "type": "x-mitre-data-component",
-      "created": "2021-10-20T15:05:19.274Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-20T15:05:19.274Z",
-      "name": "Network Traffic Content",
-      "description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)",
-      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "modified": "2022-10-07T16:14:39.124Z",
-      "name": "Command Execution",
-      "description": "The execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc. )",
-      "x_mitre_data_source_ref": "x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.1",
-      "type": "x-mitre-data-component",
-      "id": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
-      "created": "2021-10-20T15:05:19.273Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "modified": "2023-03-26T17:51:20.401Z",
       "name": "APT28",
@@ -45182,43 +44943,241 @@
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "modified": "2023-04-20T18:38:40.409Z",
-      "name": "Sensor Health",
-      "description": "Information from host telemetry providing insights about system status, errors, or other notable functional activity",
-      "x_mitre_platforms": [
-        "Linux",
-        "Windows",
-        "macOS",
-        "Android",
-        "iOS"
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
+      "type": "x-mitre-data-component",
+      "created": "2021-10-20T15:05:19.274Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-20T15:05:19.274Z",
+      "name": "Network Traffic Content",
+      "description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)",
+      "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
+      "x_mitre_version": "1.0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2022-10-07T16:14:39.124Z",
+      "name": "Command Execution",
+      "description": "The execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc. )",
+      "x_mitre_data_source_ref": "x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089",
       "x_mitre_deprecated": false,
+      "x_mitre_version": "1.1",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
+      "created": "2021-10-20T15:05:19.273Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2022-10-07T16:15:56.932Z",
+      "name": "Process Creation",
+      "description": "The initial construction of an executable managed by the OS, that may involve one or more tasks or threads. (e.g. Win EID 4688, Sysmon EID 1, cmd.exe > net use, etc.)",
+      "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.1",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
+      "created": "2021-10-20T15:05:19.272Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "aliases": [
+        "Bouncing Golf"
+      ],
       "x_mitre_domains": [
-        "enterprise-attack",
         "mobile-attack"
       ],
-      "x_mitre_version": "1.1",
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
+      "type": "intrusion-set",
+      "created": "2020-01-27T16:55:39.688Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "external_id": "G0097",
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/groups/G0097"
+        },
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "modified": "2020-03-26T20:58:44.722Z",
+      "name": "Bouncing Golf",
+      "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2023-03-13T20:00:38.029Z",
+      "name": "Protected Configuration",
+      "description": "Device configuration options that are not typically utilized by benign applications",
+      "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
+      "x_mitre_deprecated": false,
+      "x_mitre_domains": [
+        "mobile-attack"
+      ],
+      "x_mitre_version": "1.0",
+      "type": "x-mitre-data-component",
+      "id": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
+      "created": "2023-03-13T20:00:38.029Z",
+      "revoked": false,
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "3.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2023-03-08T22:12:31.238Z",
+      "name": "Sandworm Team",
+      "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
+      "aliases": [
+        "Sandworm Team",
+        "ELECTRUM",
+        "Telebots",
+        "IRON VIKING",
+        "BlackEnergy (Group)",
+        "Quedagh",
+        "Voodoo Bear",
+        "IRIDIUM"
+      ],
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "3.0",
       "x_mitre_contributors": [
-        "Center for Threat-Informed Defense (CTID)"
+        "Dragos Threat Intelligence"
       ],
-      "x_mitre_collection_layers": [
-        "Host"
-      ],
-      "type": "x-mitre-data-source",
-      "id": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159",
-      "created": "2021-10-20T15:05:19.272Z",
+      "type": "intrusion-set",
+      "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
+      "created": "2017-05-31T21:32:04.588Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
         {
           "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/datasources/DS0013",
-          "external_id": "DS0013"
+          "url": "https://attack.mitre.org/groups/G0034",
+          "external_id": "G0034"
+        },
+        {
+          "source_name": "Voodoo Bear",
+          "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "ELECTRUM",
+          "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Sandworm Team",
+          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Quedagh",
+          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "IRIDIUM",
+          "description": "(Citation: Microsoft Prestige ransomware October 2022)"
+        },
+        {
+          "source_name": "BlackEnergy (Group)",
+          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Telebots",
+          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "IRON VIKING",
+          "description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "US District Court Indictment GRU Oct 2018",
+          "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.",
+          "url": "https://www.justice.gov/opa/page/file/1098481/download"
+        },
+        {
+          "source_name": "Dragos ELECTRUM",
+          "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
+          "url": "https://www.dragos.com/resource/electrum/"
+        },
+        {
+          "source_name": "F-Secure BlackEnergy 2014",
+          "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
+          "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
+        },
+        {
+          "source_name": "iSIGHT Sandworm 2014",
+          "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
+        },
+        {
+          "source_name": "CrowdStrike VOODOO BEAR",
+          "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
+          "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
+        },
+        {
+          "source_name": "Microsoft Prestige ransomware October 2022",
+          "description": "MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.",
+          "url": "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/"
+        },
+        {
+          "source_name": "InfoSecurity Sandworm Oct 2014",
+          "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.",
+          "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
+        },
+        {
+          "source_name": "NCSC Sandworm Feb 2020",
+          "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
+          "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
+        },
+        {
+          "source_name": "USDOJ Sandworm Feb 2020",
+          "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
+          "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
+        },
+        {
+          "source_name": "US District Court Indictment GRU Unit 74455 October 2020",
+          "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.",
+          "url": "https://www.justice.gov/opa/press-release/file/1328521/download"
+        },
+        {
+          "source_name": "Secureworks IRON VIKING ",
+          "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
+          "url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
+        },
+        {
+          "source_name": "UK NCSC Olympic Attacks October 2020",
+          "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.",
+          "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
         }
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "x_mitre_domains": [
+        "ics-attack",
+        "enterprise-attack",
+        "mobile-attack"
+      ],
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -45336,6 +45295,47 @@
       "x_mitre_attack_spec_version": "3.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "modified": "2023-04-20T18:38:40.409Z",
+      "name": "Sensor Health",
+      "description": "Information from host telemetry providing insights about system status, errors, or other notable functional activity",
+      "x_mitre_platforms": [
+        "Linux",
+        "Windows",
+        "macOS",
+        "Android",
+        "iOS"
+      ],
+      "x_mitre_deprecated": false,
+      "x_mitre_domains": [
+        "enterprise-attack",
+        "mobile-attack"
+      ],
+      "x_mitre_version": "1.1",
+      "x_mitre_contributors": [
+        "Center for Threat-Informed Defense (CTID)"
+      ],
+      "x_mitre_collection_layers": [
+        "Host"
+      ],
+      "type": "x-mitre-data-source",
+      "id": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159",
+      "created": "2021-10-20T15:05:19.272Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/datasources/DS0013",
+          "external_id": "DS0013"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "3.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "modified": "2023-04-20T18:38:13.356Z",
       "name": "Network Traffic",
@@ -45449,7 +45449,7 @@
     },
     {
       "definition": {
-        "statement": "Copyright 2015-2022, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation."
+        "statement": "Copyright 2015-2023, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation."
       },
       "id": "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168",
       "type": "marking-definition",
diff --git a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
index b407286636..102b9e7e22 100644
--- a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
+++ b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3373332-ad2f-464a-afea-29cc32383f9f",
+    "id": "bundle--ef2b05e8-aa8a-4a2f-8060-24f4a315a0de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json b/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json
index 7f48f52c01..0a6415f051 100644
--- a/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json
+++ b/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06342a40-021f-49d9-bfe0-479fdcc4ab25",
+    "id": "bundle--c2877fc6-fa7f-4307-9927-61a8d17e430b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
index 6354519ec7..dd936d881c 100644
--- a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
+++ b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9630348a-0290-4ae1-8e13-14b1896c79fb",
+    "id": "bundle--7105a463-8b65-4754-b181-a255802ae64d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
index 735b289bd1..e5f82b1a67 100644
--- a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
+++ b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af690f27-d8bd-4353-911a-3e980855a7fb",
+    "id": "bundle--7aa75c95-3d29-4d6a-a84d-85333e380d9f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
index e56cd9f45e..f87fdc75af 100644
--- a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
+++ b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59e5a328-62a6-4a0b-b259-cc453dc49ac4",
+    "id": "bundle--1f580ea0-a6a0-4b26-b50b-880824da90f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
index 1e367d20a6..23d6aa9bed 100644
--- a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
+++ b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59861863-afe1-46f3-89e6-b6060da8a270",
+    "id": "bundle--61f19102-48d0-4081-8286-ae793f742605",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
index 959406e3a2..cfa09234be 100644
--- a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
+++ b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c02c566-0a83-4441-94d9-42f27428e503",
+    "id": "bundle--95147ff5-d828-4dfe-833e-3cf6f4262510",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json b/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json
index 37fc84b141..ade3f8786a 100644
--- a/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json
+++ b/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4faa2c3c-da80-42a8-83e7-a55631b5e0f0",
+    "id": "bundle--6e4e8111-6898-4a1d-aa27-6e74943453a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
index 780c41f9bc..756e801ad8 100644
--- a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
+++ b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a44f264-f96e-4092-9e70-8f6d60479254",
+    "id": "bundle--cbc6dd99-b3ff-4114-a1b0-229ca95d65ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
index 7b353888cf..a36e871e72 100644
--- a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
+++ b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--288bf00c-297c-461b-8ec0-a2a73edb7ea5",
+    "id": "bundle--436cfd1d-17fd-4d05-ba75-93a0e7d800aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
index 289e122710..a4da1f9ad2 100644
--- a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
+++ b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6678e1e3-b65c-49e8-b058-e9da076f0db3",
+    "id": "bundle--2a7935e6-1cdc-4e98-a50c-93a00283fc9c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json b/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json
index bc69fc0187..3ee7c2f2d9 100644
--- a/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json
+++ b/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7333b52b-3a21-4a32-b179-fecd2353ff01",
+    "id": "bundle--60c68bb9-5f3c-4c27-b849-f655aaceaf8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
index cf9007e8b8..bba4e1b1d4 100644
--- a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
+++ b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d4a2716-0948-4a60-9d58-0bcb3f54eb1b",
+    "id": "bundle--f4e3731d-da40-4c81-8b7f-f9e40642aa3f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
index 7db528111f..2bca702cce 100644
--- a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
+++ b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f31a46a9-e3f2-497c-b983-9ef6f06b9204",
+    "id": "bundle--8bd11247-a65b-487b-9e47-4c142356acfc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
index 9564aded34..e765b091a0 100644
--- a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
+++ b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4bf3f156-26ee-4b61-8b51-c1302c9e95de",
+    "id": "bundle--fd8aa277-23e5-465c-be60-eaafcdd1b684",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
index d112634e4b..32f538c30e 100644
--- a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
+++ b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--634213c4-afa1-498e-82fc-786489d5c882",
+    "id": "bundle--1450b511-32b0-4b91-8d08-c18febd01faa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
index 2ca3bcd70f..3324f1efe9 100644
--- a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
+++ b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b365da9b-8c25-46e8-9dca-6bc80fa71e29",
+    "id": "bundle--1682386b-dcdd-4fbf-8593-f80f900253c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
index 6924ca34bc..91e379abc5 100644
--- a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
+++ b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--175543f7-5be5-4c5c-bcce-72ea7cdf1daf",
+    "id": "bundle--742fcfe1-4a75-4edc-946a-1015f60fbdbc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
index 1f7c5b64d9..96dc99ccab 100644
--- a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
+++ b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fae9c769-985f-4556-9501-a138f1f88ac8",
+    "id": "bundle--dd100834-eac2-4130-b0d6-c5cb87001d61",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
index 710123ab08..42922abd28 100644
--- a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
+++ b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8738e1aa-f779-425b-9c70-1a063ac13777",
+    "id": "bundle--b807a8cc-e1bd-4c26-b77c-16bdc7364e8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
index 4ca8090f0c..dd9f82123a 100644
--- a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
+++ b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5fae1dc9-d1d9-4dd6-adea-49b72f135e56",
+    "id": "bundle--ba3f407d-f4ab-4b76-9412-af94cbd2109f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
index 2164063908..7758d89a95 100644
--- a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
+++ b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb458641-fb44-4d94-a8a0-696793b27a53",
+    "id": "bundle--e56f2a06-1106-446c-bd87-c5db2dbc53b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json b/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json
index 04dcb77318..6ba46277d8 100644
--- a/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json
+++ b/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24464e8e-0668-4faf-a026-569d1034e49c",
+    "id": "bundle--64a243f6-e88f-4134-9b3e-9d7339b08168",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
index 62cfcc7e7d..a744d6ce83 100644
--- a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
+++ b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6707d4dd-5a82-47ed-a811-c548ceb536c3",
+    "id": "bundle--3cf8e3e8-7f29-4669-9357-f38537838740",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
index b105c7485f..31796eaf90 100644
--- a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
+++ b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e3bf1b9-bfcd-4463-962a-5be3c50d03f0",
+    "id": "bundle--2b37c5b4-0503-4d43-b195-a0e229546cfb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
index 45e5ed1e74..753d334e68 100644
--- a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
+++ b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fbb5dd6b-6471-4f29-bbfb-ef7dc2908d7a",
+    "id": "bundle--c08975ba-a60f-411f-952a-fb6dc0f99953",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
index 2ba3a32665..e8b1516bed 100644
--- a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
+++ b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8bdf6705-8bf2-4d03-8739-3802ef6c55a4",
+    "id": "bundle--2ace3362-3f72-418e-995d-cd96cc326ba6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json b/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
index 2d1face326..f4fa98fb37 100644
--- a/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
+++ b/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a91051ec-dd66-4158-8ad0-29f93db9cfbf",
+    "id": "bundle--53435d78-83d2-4db9-8b07-ac740f111868",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
index ab5d93eb3d..74f2c16078 100644
--- a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
+++ b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d30fefe-51fb-4b06-8ae7-e9a2ce88e077",
+    "id": "bundle--a7241d18-a529-4e82-827b-314cdcc2b386",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
index 8ef909b40a..a6d8e44d6e 100644
--- a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
+++ b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8af1395-7dab-4d41-b719-5a14a391712a",
+    "id": "bundle--5e84d8bb-a856-4d4f-93c5-69cc87bff351",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
index 4342aa8ab6..3d5483156e 100644
--- a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
+++ b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d693fedb-521c-47bb-8b11-8dc5c1e90d01",
+    "id": "bundle--4b7b6615-a2b1-447f-a800-30825c31aa8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
index 34be89fc8e..f547285472 100644
--- a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
+++ b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4194c22e-2cf9-4772-bf1f-3816e13e14f3",
+    "id": "bundle--60fb0e40-a9cd-407d-8b36-6ac70f5ace90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
index 3cf341051f..c90ab1f076 100644
--- a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
+++ b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dc15ebe5-2b37-4ee7-934f-732ad749526a",
+    "id": "bundle--a9ef43ea-b205-4e44-8cdf-0c474527bbe1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
index e53a2fa99c..f76192f01e 100644
--- a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
+++ b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a03bd8c-11fe-4a72-aba7-d90c0c2b40e0",
+    "id": "bundle--ed18ae1d-2d17-49cb-aa60-c1c8af7cdd7b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
index 759b89241f..10a96d8659 100644
--- a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
+++ b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--642a59fe-cacf-4db9-b7af-994c57a1e47b",
+    "id": "bundle--1cacf883-68c7-44df-ac68-8ba09e0c99bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
index 9ef4e56b2b..72375a3e0b 100644
--- a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
+++ b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ac9d0b2-707f-495b-bfc8-85b017732028",
+    "id": "bundle--53a8b3c9-4691-4d22-974d-689553037717",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json b/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json
index 474f868511..4131826d24 100644
--- a/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json
+++ b/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d835a32-26be-4a6a-81c0-4daa0eaa2486",
+    "id": "bundle--48d233c6-99a2-4e33-a238-c8eb4a9fdfd2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
index 3c46c0c7ae..bb560afdd4 100644
--- a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
+++ b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--514d4541-8396-4422-a77d-912142fe1262",
+    "id": "bundle--5dc712c4-0005-4af2-83a0-26d64e4c1c31",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
index 521cc38b9d..9071c4f7ec 100644
--- a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
+++ b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c77a4133-cf28-4633-ad55-177a204836c6",
+    "id": "bundle--45d05a23-5a1d-46a8-bb26-054e638aeae8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
index 24a63361fd..9aa81e372d 100644
--- a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
+++ b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--17ddb4b8-96bf-4d7f-a2aa-27419d5a2f88",
+    "id": "bundle--5591ec38-9e85-4a31-897d-089f0721416e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
index f4ab1565f7..7142b788c5 100644
--- a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
+++ b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f56a89a2-6ca0-43a6-abbb-6ba50ceef554",
+    "id": "bundle--372a39cc-587a-4cb2-8613-9725a4cc797b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
index 811aa6891f..f36bd6f9aa 100644
--- a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
+++ b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e175344-f87a-4fd3-851c-dd98fd065c81",
+    "id": "bundle--42a4d5cf-8ff6-4b50-91bb-4bacd86494e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json b/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json
index 6d10d18b95..79078a1e3e 100644
--- a/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json
+++ b/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2dec62fb-7f16-48a0-a3bf-c81f23a17702",
+    "id": "bundle--7148eebf-96eb-4a77-950e-914ef64b4e17",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
index 5707cdad1c..28d39593cd 100644
--- a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
+++ b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3e5a56f-559d-4d9e-85f2-bee5e8fcb303",
+    "id": "bundle--47c2a313-3c65-41c1-bce9-7bf5e0245a53",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json b/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json
index 0351b9f4b1..31a25e655d 100644
--- a/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json
+++ b/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--881c5f50-791d-4274-8662-c8cb7bce8c10",
+    "id": "bundle--40789f29-434e-4bcf-9ad8-2ab627163460",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json b/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json
index 510a16a717..938acd47e6 100644
--- a/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json
+++ b/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6739ed5c-8d3e-4f68-982d-a1c59e133da3",
+    "id": "bundle--94904af2-f2eb-4ebc-bb26-185662aed1a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
index dfe2651791..d99a88bc71 100644
--- a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
+++ b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f52410bf-3bc0-4f56-ba9a-4a78f5aa5c35",
+    "id": "bundle--4cf8e721-11ec-4476-973d-f5982c641d5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json b/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json
index 68503f7417..38ba9899d2 100644
--- a/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json
+++ b/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--08d14e11-4c9e-472d-9783-9ab46c03e9ee",
+    "id": "bundle--f089ba5f-31af-42bc-9085-c4368a4a8df2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
index 89317d3095..c0e8f6bc2c 100644
--- a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
+++ b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6e87de9-07c8-4695-b644-99ee3684e74f",
+    "id": "bundle--627c25e1-2097-465e-bf5b-140eb87ff4c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
index d0ea1925e4..2ea4839e8e 100644
--- a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
+++ b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--127da841-23ae-4a0b-9067-ac22d3f176fa",
+    "id": "bundle--2f851edf-41ad-48c8-afdf-40e8a83478f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
index 9a775af74b..2d3b445a68 100644
--- a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
+++ b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e87238b-ba01-4c5a-8d25-22fb94bfa05c",
+    "id": "bundle--1ef208d0-2ddd-42d8-9ea0-f313f3272e52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
index 31c33ebddb..950c158a0c 100644
--- a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
+++ b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e688c7f4-73a8-4cb4-a13e-02daaa768d35",
+    "id": "bundle--b2103a07-4a8a-4b15-9de4-8df32c9cba03",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
index a58c9b6332..c688d84808 100644
--- a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
+++ b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73be14cd-1838-4549-8f61-ac2cd49cf6af",
+    "id": "bundle--af2b0e75-97ff-423c-8a2b-42a38e6bf492",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json b/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
index db00713149..3a7283806d 100644
--- a/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
+++ b/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ae487645-02f4-4bc8-8781-2f90c3305c03",
+    "id": "bundle--68170f1a-5445-441b-839f-bb42baf161b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json b/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
index 565c8b74a1..0958acd182 100644
--- a/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
+++ b/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9a52b564-4ee6-45b1-83de-d98cce113456",
+    "id": "bundle--3a4cbbf6-addd-47a0-a686-2f6821184a92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
index d9f0db57c9..5d68139059 100644
--- a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
+++ b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22012b94-7a19-4805-84bc-54066c50d171",
+    "id": "bundle--9cc206dc-293e-46b2-b25f-a8ab307c717c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
index e88537aa62..756e07134f 100644
--- a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
+++ b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f080b46-c627-4a78-bd9a-f8ada20ba811",
+    "id": "bundle--c2dbd03b-c809-4654-8ed4-c53cb81ff869",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
index 165070063d..319f2d4ffd 100644
--- a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
+++ b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d4902eaa-39c0-4c6e-8a40-9434f48970f3",
+    "id": "bundle--143575da-d92d-4a7f-bb7d-aea23b1a502c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
index cb8ea93998..794f9ee0fa 100644
--- a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
+++ b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d680c0d-44aa-4070-9cfb-b767ebfd46e3",
+    "id": "bundle--af395967-47dd-4edd-bc2c-3b6f81765a3c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json b/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json
index 5eb3e882e1..63d12b7eda 100644
--- a/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json
+++ b/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aededefa-3013-4c69-8306-3ab53eeb726e",
+    "id": "bundle--c0933e6a-5fed-4c14-a544-49972b5e97c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
index 6640d70a52..5163a43be9 100644
--- a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
+++ b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf98a572-5502-4404-852f-3d932673c929",
+    "id": "bundle--c78528f8-0ab7-4ff6-a1af-0de4ad302bb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
index 4f86d8f349..264add20e3 100644
--- a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
+++ b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b5c78c94-44fa-4f6b-919b-975248032144",
+    "id": "bundle--ca3f8c50-f095-4118-9aea-8acfec6a0048",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json b/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json
index 72c1d2104c..ff50f4ccc4 100644
--- a/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json
+++ b/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b42ca7a0-0de4-4c20-a262-8492a022b331",
+    "id": "bundle--4049c77a-33e9-4892-9e0d-27b409b371aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json b/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json
index 64a9ea7d4e..0781c0fed4 100644
--- a/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json
+++ b/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e72b3ba-3a5f-41cf-ae7b-e9a8124c9d52",
+    "id": "bundle--f1ce5813-cf64-4c8d-b8a2-27ae0aa50841",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
index 23ee8d2aec..085fc10559 100644
--- a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
+++ b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--400f739b-8d8e-42ab-82ae-5901710facd5",
+    "id": "bundle--c66e6a5f-7bb1-4744-9f46-0d4ba413b916",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
index 30dbec2bf4..68e9802592 100644
--- a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
+++ b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c892f0a-237f-4d2c-b1ef-ea4ac7e95bae",
+    "id": "bundle--25a8fe1c-dde3-4983-bd98-5bae1e93ba1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
index 33fad0d7d5..3084d6b49a 100644
--- a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
+++ b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff4ae7a3-bebc-4840-8031-1ca0a7469718",
+    "id": "bundle--61f10f6d-ebb5-4fee-a8ba-d2b9c886ef9b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
index fb3be062c2..c8c025ab7f 100644
--- a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
+++ b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b2257799-557a-401f-add4-29d90d61c498",
+    "id": "bundle--a3ef401c-9c84-4e71-b65a-4bacd2cf1652",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
index 46bcab6e96..b4fc97829b 100644
--- a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
+++ b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--466f7545-6238-4afe-a4b4-eceb9b29b935",
+    "id": "bundle--35d2c77b-0b5b-4b88-9a81-0ba44c1e421a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json b/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json
index 60af1fe593..63efe1fc0a 100644
--- a/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json
+++ b/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--418c5fb7-5525-47e1-bd67-1d168640c909",
+    "id": "bundle--8bf7096a-bbf7-4934-92ec-c836e6310e8d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
index 01f1b685f7..fbbde82597 100644
--- a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
+++ b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e905e2a-51ef-49f6-b3ba-72415850c1cd",
+    "id": "bundle--62906a10-2de3-4928-90ba-aa6fafe1c37e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
index f89e54c2d6..e651be3816 100644
--- a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
+++ b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b08d120-d469-4ded-9462-f0278bc97040",
+    "id": "bundle--9e292aec-d980-48a1-b2c4-c76f094d2cf5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
index bc9355a267..6552f02930 100644
--- a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
+++ b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d8a80f4-d133-4bb9-958c-45000ab8163a",
+    "id": "bundle--7348e493-26e5-4552-8cdc-176123477b67",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
index ef2be9541b..b32629f3e7 100644
--- a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
+++ b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96b64cec-3205-426b-a194-126808ac193c",
+    "id": "bundle--aad38fbf-b5cc-4189-b0ef-af465aaf043d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
index ba89436f63..a4a7281b5c 100644
--- a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
+++ b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--693b472e-2135-414c-a394-b7143af31dd7",
+    "id": "bundle--87ff7c6c-6d4e-4e7d-a6c0-09dbbffb296e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
index 5a5ca48d54..7057c6bc9f 100644
--- a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
+++ b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--873c819b-714c-4674-a469-554002791fe8",
+    "id": "bundle--b7f37edb-ef63-424e-a774-4134edd46e46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json b/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json
index 58db4bbcf0..b785ccb5ed 100644
--- a/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json
+++ b/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e9371b4-4cc5-4c21-b0bf-117b6f8ba416",
+    "id": "bundle--92ff7326-c6d0-40e3-8ab9-4b61f11850b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
index ae93d6f098..8c7678e305 100644
--- a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
+++ b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24c5f682-10fe-4d6f-bfea-e2982bdd7d2c",
+    "id": "bundle--923e03c1-30f3-46f8-a3bc-11b4092ae202",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
index 449edba0a9..7037b77966 100644
--- a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
+++ b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5154f02-8389-4ead-b33d-c3969bc13d84",
+    "id": "bundle--01e91246-56ec-4ff8-92ed-1ff6d7e418cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
index e9635c5375..bb82080025 100644
--- a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
+++ b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--be2f46d2-bb05-4920-9911-916be9165f52",
+    "id": "bundle--43e1271c-0e8b-48e8-8dca-f94f9e54a6a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json b/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json
index 8c754ddfd8..b4a34ea5bf 100644
--- a/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json
+++ b/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ab72167-3a3b-49ce-9423-e9592a592a0c",
+    "id": "bundle--f38b0fee-d416-481b-a461-ba6529508e12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
index 5b16dddc55..381325a47d 100644
--- a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
+++ b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cabf8226-7dcb-4760-b963-c805af1b2925",
+    "id": "bundle--a5fbbe01-2285-41fb-a562-56d278ec2ab6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
index 5d4576399d..d39b422bec 100644
--- a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
+++ b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b8f67b9-572b-4ed4-9c25-78f23d6812a6",
+    "id": "bundle--40ec57c2-2481-41ae-b3d7-6b38d6e93b8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
index cd58b8bc5e..075d603ded 100644
--- a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
+++ b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ff7ae8a-1aaf-47da-a6f3-f625c8745982",
+    "id": "bundle--6f047e3d-da5e-463c-8b7e-143edde350a4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
index a9b1abbbbe..4d27dbe9cb 100644
--- a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
+++ b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f70c04a6-0284-49e3-b9de-e381ce5bf9ee",
+    "id": "bundle--c6ed80ce-0a54-4d2d-afe7-301edae5f2fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json b/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json
index ca966ebc75..c520b05136 100644
--- a/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json
+++ b/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d5c58ca-b697-4595-a728-57dca55bc85d",
+    "id": "bundle--7075f7ba-4819-4aae-9a24-eb3e0873cd47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json b/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json
index be93aec944..a14562abc6 100644
--- a/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json
+++ b/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c179ced2-9093-4737-8dfd-66287f5dcb3e",
+    "id": "bundle--1bf146e5-e5da-4437-9aa6-59c2856f0623",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
index 4e97069e97..d58b74e896 100644
--- a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
+++ b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac32146f-f603-45bd-aa4d-6d160c243329",
+    "id": "bundle--41329f0a-e7e1-4f92-a100-d7d38d036e55",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
index 302c22ce23..8e1a28d83d 100644
--- a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
+++ b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4681ef5-eb73-44bc-b0b7-4e9bd76cdc90",
+    "id": "bundle--c021fba0-519a-4a63-b3f4-40409ba5b63f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
index 87c4221487..ab32a96f37 100644
--- a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
+++ b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3bd0b315-87c0-4671-84ec-cff336b22dba",
+    "id": "bundle--f799b3bd-0df0-4c52-86cf-ffc7361050d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
index c3c8cec7b2..08efaa7014 100644
--- a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
+++ b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d13f44d0-0e93-4faf-b75d-3176fe919541",
+    "id": "bundle--1ef300a2-6ad5-4e0c-b863-d308fcbfd7b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
index 7c4061b9e0..d5a062a2aa 100644
--- a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
+++ b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6821e880-9193-401e-a8d1-f9a5c59b0751",
+    "id": "bundle--d54f8bfe-ea1d-45fd-bc1a-8cdcd560aa30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
index 481d0ddadc..fd7a57ebdd 100644
--- a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
+++ b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0cb049e4-a623-4045-972a-efc35fe089a3",
+    "id": "bundle--8323431a-042e-483f-b1b0-9087613c8e85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
index 425fe29d13..bc80c4ebbc 100644
--- a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
+++ b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4810a8a6-3572-452b-b0d2-d736c7a03cf3",
+    "id": "bundle--6200300e-de51-4234-a04e-6422958b0839",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
index d822d898d4..2477f1156d 100644
--- a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
+++ b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ccda6333-db9c-4e2d-a511-3b32cc2f3839",
+    "id": "bundle--f1a3fdee-8ec3-4ffc-b2f9-9bb721876d55",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
index f7581b05bf..54fb4a1b0d 100644
--- a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
+++ b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--981e9454-a885-49ab-a538-bc33dd6779d8",
+    "id": "bundle--408b32a3-a4f4-4d20-a0c2-a05c25188ddf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
index dd1bade11b..481940aa19 100644
--- a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
+++ b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--abc3356c-6735-413f-bde0-0bed8d54d61d",
+    "id": "bundle--9aaf7eeb-f7e8-4183-9ecc-6fe3d9b72d15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json b/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json
index a13dd5eb21..0f8bc3342b 100644
--- a/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json
+++ b/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b66de16b-8223-4307-8dcd-7189e3ab12c7",
+    "id": "bundle--98a6f1ef-7446-4d3e-b721-71444ff90774",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
index 89e48fc767..9b36824cbc 100644
--- a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
+++ b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84f29f36-3625-484c-ac67-bfdbc60a4458",
+    "id": "bundle--d0fc147d-1e85-431b-82b5-ac88f124a830",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json b/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json
index 4d4c67ed0a..747ae25df1 100644
--- a/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json
+++ b/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebfd0228-8b8d-4bf1-b839-f2a159105cb7",
+    "id": "bundle--7bd0cf2e-8f05-4aef-8ddf-997b388805a5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
index 1eb78c75fb..bf81f58484 100644
--- a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
+++ b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a49f80ab-51c1-47bf-9c06-aa1cb96d3cb5",
+    "id": "bundle--87304090-3503-4a7d-a612-e4b2910ed6a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json b/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json
index 5c5f77cde3..d258f5c5d7 100644
--- a/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json
+++ b/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4d326b6-b105-4cb0-befd-ec18163319a0",
+    "id": "bundle--76544dec-63a3-4141-92e1-7d954650ed12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
index 8018042fc8..a63f40a8d0 100644
--- a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
+++ b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56c1af77-2184-4950-b668-5b4902f01986",
+    "id": "bundle--794519cf-aebd-44cb-ae84-1de945f07419",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
index 1b17ef1f0c..52449b0b3c 100644
--- a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
+++ b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e8cb164-481b-434c-9936-4ae78cd43eec",
+    "id": "bundle--c9f1fcfa-8190-4114-b923-c1062752f15c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
index f3af846327..675c4853fd 100644
--- a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
+++ b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d551797d-2a67-4fff-8924-75b860bc4ef0",
+    "id": "bundle--d01222a9-04c7-4654-8f97-318920409286",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
index 0b7e04a6cb..8e73d06732 100644
--- a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
+++ b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd13f936-147f-46a3-adcb-28c21b17aeb9",
+    "id": "bundle--e0705982-8fb9-4924-88e1-b07c53e5eb67",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json b/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json
index 2369e2b8a8..433081821a 100644
--- a/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json
+++ b/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--647749e4-8f2e-4c37-8278-d8573cb94625",
+    "id": "bundle--c43f764a-f542-434e-aa4d-5b7f2c585745",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
index 0b92774bd2..22de24af8b 100644
--- a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
+++ b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa6f76a9-c7db-49c7-81b1-ca88a521fe86",
+    "id": "bundle--eccc4f1b-e940-4e66-bf80-79879423788c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
index 08f218419e..a76cbffc5e 100644
--- a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
+++ b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe6c5e3f-da98-4a08-884b-63c0a1d9bd8c",
+    "id": "bundle--865236ef-0eb7-4e6c-967a-aaaf161ae631",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
index d2f33014f1..d8d4f2954f 100644
--- a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
+++ b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--08123738-fd51-46c1-a6ac-4b4c5023ba86",
+    "id": "bundle--c16f31eb-a180-481d-a37d-2912e88ec58e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
index b6d4f2ed67..017869cfd2 100644
--- a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
+++ b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e54c03a-7920-4810-b558-ef4d36adfe8e",
+    "id": "bundle--3cd3816e-c3d2-455a-8631-4ba22ebfa50c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
index fdd8a89767..8d2c8a4db7 100644
--- a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
+++ b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b1ca1d52-b214-49a3-9f05-1ef7b3f3e477",
+    "id": "bundle--1244933c-bcfc-4c6f-a838-a58124e7e988",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
index b3fe555bee..471acabe9f 100644
--- a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
+++ b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b0305ef-74ae-44f5-a670-090c7cee875b",
+    "id": "bundle--64798ddb-4da6-4cd5-be29-5995687754db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
index 32c7bfce32..ea56de561b 100644
--- a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
+++ b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5e2d81a6-0bec-48eb-b5a6-da82acbf12e3",
+    "id": "bundle--2382273a-1640-4bf5-b223-87ef4ef79b31",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json b/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json
index b9a04cd7ff..baabde89ea 100644
--- a/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json
+++ b/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3c66ffcc-e2c7-4cb6-9806-aea39aab22b2",
+    "id": "bundle--74119f7f-a3aa-4110-b0da-176fe860385e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
index 568785cac5..e67f51a437 100644
--- a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
+++ b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf899fb0-71b1-47d2-8470-e5b7b6c15519",
+    "id": "bundle--6ba6c269-6ec6-499c-83f7-4f7a7f041ae0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
index 630b273ef6..354f478aed 100644
--- a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
+++ b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27f824a3-d0f7-4f2d-854c-1cea4e24d97d",
+    "id": "bundle--d8a52921-8a5f-4be3-a0ed-ccd1f29a5d23",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
index 355c6ab667..a0031419e4 100644
--- a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
+++ b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--abc32ee0-246a-4085-93ef-449c9a18aa9d",
+    "id": "bundle--8b0e0a94-9b59-4b97-97e2-44c4265d82db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
index 2d1d1efcdf..a60d3b75ba 100644
--- a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
+++ b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec7bd490-463a-443d-b64c-31b83a651827",
+    "id": "bundle--68c2a97f-0aef-4d4a-9c7f-0785d01ee996",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
index 7149d559b0..ee6ecf6f59 100644
--- a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
+++ b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f913222c-d769-4889-ad95-36bd4b493211",
+    "id": "bundle--8a5caf07-77b1-4f84-a814-a2cdf6436388",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
index 608b6ad8b1..92453d8e6f 100644
--- a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
+++ b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c197b7ae-da76-4cb7-afa3-bacf0872af04",
+    "id": "bundle--e71eb915-cd6f-4e40-89c1-8c328249c5c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
index 35f9f4b4ba..58fcd7dc3f 100644
--- a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
+++ b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b718e28a-b9a5-4fcd-a968-355cd252aeda",
+    "id": "bundle--08536b51-bd77-409d-9eef-345b5bd3c168",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
index 320d6c9d57..57ffc7e6f5 100644
--- a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
+++ b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f105aff6-308b-4332-ae9c-2a8304209139",
+    "id": "bundle--57e5590e-1d62-4a93-900f-b5b124b6f64a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
index 7b60ebd4e2..cdc75c5408 100644
--- a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
+++ b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d19e426-a5d3-46b2-b7d5-0e4dc6e94170",
+    "id": "bundle--9379ab68-c201-4384-85eb-ec607af72f4e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
index 668228b07e..3e604c3cf2 100644
--- a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
+++ b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d21c303-8c97-46fa-986b-b6b9ceb7fb01",
+    "id": "bundle--d3442ffc-65db-491c-a41a-bbb64ebcbfbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
index c435baa574..cc959ad7ee 100644
--- a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
+++ b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a65444d4-e731-4442-bd91-d56faba4417a",
+    "id": "bundle--7db304c4-7613-41d3-aff2-07e6360bab89",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
index e4c63eb9dd..9d2e12caea 100644
--- a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
+++ b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1d65dfec-990d-4c13-afc1-ae4ca339406c",
+    "id": "bundle--8103c6dc-f6cc-424a-b196-88a6f76bd4f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
index b2d91e5ab1..270101cff0 100644
--- a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
+++ b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97a4cfa9-7f7d-4392-97a8-3433c9ceaeaa",
+    "id": "bundle--a9d6651a-e52e-41f8-a2ff-b7882b2991c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
index 92fe000e35..45a08a6bda 100644
--- a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
+++ b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e7121a6-ab1b-4fd5-af90-943c08031396",
+    "id": "bundle--601a11f1-7771-4d8b-a78d-75aa1875f478",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
index 5a3eb6932f..3cca6ba4f0 100644
--- a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
+++ b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca37cbe4-707a-469e-8255-70aa9e75124d",
+    "id": "bundle--8d310e05-26b5-4bff-9c46-b0d7da30fede",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
index 15ff187a50..bc575ab01d 100644
--- a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
+++ b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b62b566-7947-47bd-81e4-e3cfdc3d6e9b",
+    "id": "bundle--7b153d1b-f323-40cf-8fcc-391611f22259",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
index 54ef43f13b..c4288e35ed 100644
--- a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
+++ b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--908b537f-8f75-4b27-8efd-b48882a46392",
+    "id": "bundle--81ae750d-a00a-4558-ae83-d10176e22624",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
index e7f6872bc5..af4dceaad5 100644
--- a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
+++ b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--91c35429-c5fc-4901-bccc-0a156e1c2d2a",
+    "id": "bundle--9567030d-0765-4df5-8727-4478477094f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
index fd41a18f7f..b2320ed9b5 100644
--- a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
+++ b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--29e72338-da73-4aff-822c-99501cd2b604",
+    "id": "bundle--561ca687-8533-4974-b0f6-3b406d0f81f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
index 6b378fd495..0aab1979eb 100644
--- a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
+++ b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00f952c5-afaa-463a-95e5-9983ddf1d07f",
+    "id": "bundle--21ca9884-41c7-414e-b694-e3711894d6df",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
index de345827c1..5086ed024f 100644
--- a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
+++ b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--386c7d34-a51f-44f6-9b55-01d2c30e814e",
+    "id": "bundle--f75b189f-8cc2-41a5-ab27-0d7a916dcf73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
index 8668010b45..cc4903da28 100644
--- a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
+++ b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e7ee77f-3208-4bdc-87bc-77da06de402c",
+    "id": "bundle--3addcf72-d5bf-488f-b601-6fdbbfcde0f4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
index c441f9612e..d6d98f1287 100644
--- a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
+++ b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e308077d-cc28-42f3-9c53-121c3620a0ee",
+    "id": "bundle--3de56ec0-cf1f-4b30-81e9-69e98469a1fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
index b775f1b3f3..dccf04ca37 100644
--- a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
+++ b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e895d6a-0317-4759-ac61-bb881c7dc1de",
+    "id": "bundle--545a84e7-c296-416c-884f-a69e60620c01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
index 3e6bbbd030..81854f6852 100644
--- a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
+++ b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00beef27-c42f-45b1-aed1-646559578bb7",
+    "id": "bundle--b8918a35-4158-40b5-a051-bf1e9259de8f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
index 809adc6cc5..cff667d292 100644
--- a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
+++ b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97a7e9c8-1f0a-4dac-81fc-28cb79dd2515",
+    "id": "bundle--681bc7dd-12f6-4e59-8c69-9d9145fbd197",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json b/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json
index d1fe4f838b..ebee8ec62f 100644
--- a/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json
+++ b/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb4559ff-ce2e-4159-89c4-ed8d6ef01d9d",
+    "id": "bundle--51a1b8a7-d1f4-401d-b78a-a1fb11354d7e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
index 1d778745bc..458f475374 100644
--- a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
+++ b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b7a9397-fafc-463f-b7a3-00d876214528",
+    "id": "bundle--756e63cd-db61-4926-84e1-38eaafc390c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
index 918d23a6da..1e07fd25e0 100644
--- a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
+++ b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ddcd918-7886-4b38-bf0f-a3fd24720a11",
+    "id": "bundle--6adc7928-d03d-4769-8be2-1d4c513325cc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
index e68bcab371..bbf245bb96 100644
--- a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
+++ b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa8b0fd2-58df-46db-9419-7b42e4b5d682",
+    "id": "bundle--d5d65432-416d-46be-b6df-338065dda78e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json b/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json
index f797f480b7..5fff1d2eb6 100644
--- a/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json
+++ b/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--15dd04af-2aa6-4d5e-a7ee-390c109e802c",
+    "id": "bundle--88fed3ee-14ad-47e0-9ace-9e00212fc5d1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
index 24e005fb8d..2a5b84d934 100644
--- a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
+++ b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--717845f3-3710-4901-bf75-94c695b08fde",
+    "id": "bundle--7e41bdc6-ced6-4953-a52d-59c816bbacf4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
index c76b26f7ac..da2acb7fc4 100644
--- a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
+++ b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf9874c3-6739-41b2-a7b4-9e5f964ea668",
+    "id": "bundle--c5bed2d3-9734-4506-9140-baed8ce075dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
index 0d4c953809..584d132800 100644
--- a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
+++ b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2514f18-9b91-46d4-943c-d9942adfcc95",
+    "id": "bundle--ad0d17e5-54ed-4a61-91ae-2ee79cb716b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
index 48e0e2a5b0..fba978fcd6 100644
--- a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
+++ b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33edacb5-4c90-4f23-a347-0feb8b25aff9",
+    "id": "bundle--8aac7e89-0416-46d5-801e-818afc08d9a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
index 912263d7bd..1117c18cdc 100644
--- a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
+++ b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8fcbc8c-7c03-4724-b840-54b91e78e07a",
+    "id": "bundle--dac0a4a1-d890-4ef5-8659-68b1385a411e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
index d29b52dc0e..2f8c38a3d0 100644
--- a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
+++ b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07b594c1-1860-44af-af4a-bca899a36f58",
+    "id": "bundle--8c74b72e-89c6-47ef-aad6-7b515669549b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json b/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json
index 588edc8dc1..3799be5564 100644
--- a/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json
+++ b/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--caf53b7e-d326-459d-bdad-509ba4cc82e3",
+    "id": "bundle--7e29760c-bd77-4ad0-9379-88fef7d9c123",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
index 05f7059a6a..1c78aee9c5 100644
--- a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
+++ b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13dbe3ed-87b3-45ce-ab27-ecb3ef4e62fc",
+    "id": "bundle--22cd7f68-9be5-4813-9f6e-f6e124a1f5a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
index d898cd09f0..ff093ce1e4 100644
--- a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
+++ b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--348ba43b-1aab-47b1-9118-b9043ea220e1",
+    "id": "bundle--986e3916-1556-4238-bfdc-a6e7be383557",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
index 0410dbde68..8a5e1d9b8b 100644
--- a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
+++ b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--82992198-74f8-4c47-8c13-445f3e65cede",
+    "id": "bundle--0bc66119-f990-41c2-856a-17c480464137",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
index 7f3211360d..d1e9a114c5 100644
--- a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
+++ b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4642f804-0a3d-4411-9dd4-4f2fafaa3ef7",
+    "id": "bundle--3aa0e500-6d67-42e2-8cdc-427890f6a43a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json b/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json
index 13e8443213..3b170d5420 100644
--- a/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json
+++ b/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8811df2-aa1f-48ac-b5a4-74991b5d9e28",
+    "id": "bundle--efcbe4d5-e618-4d67-8e29-6857006468f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
index 4b2a993c9d..d396a17c14 100644
--- a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
+++ b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7cf4f9e7-498f-4f37-a6f5-d89236b2e130",
+    "id": "bundle--66f38551-db36-4cf5-b8cd-af4324acdf00",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
index c5aa2c6f7f..7905091643 100644
--- a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
+++ b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--115bbbf1-77b8-4a93-9d3c-3803299cf696",
+    "id": "bundle--e3ed0ed0-1225-43d9-8a21-0b97871d41ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
index 06e548c69a..38249513a2 100644
--- a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
+++ b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--332cefac-d3f6-4399-b13b-6c873d6f7bcd",
+    "id": "bundle--f8b18f58-067d-409d-950e-39760d5a0fb4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
index 86b2c32a3e..3aa6d7eaa5 100644
--- a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
+++ b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--151fe5b2-297b-43ef-bc92-8d7719d536c5",
+    "id": "bundle--c82f7904-5ddf-4e16-9b5c-2b8fde9d0802",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
index dfc1c25a0b..2a4411359e 100644
--- a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
+++ b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1c2d6aa-992a-438f-889e-6972631d5c92",
+    "id": "bundle--93c0c690-a6ea-4f42-b8e8-9fabbe29afbf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
index 6058c3ffa4..50c32e3c45 100644
--- a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
+++ b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a770ea7-b2da-4165-af26-6ff1e2178366",
+    "id": "bundle--5f6cfa05-9aae-4623-85d9-f92840ee19b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
index 4470805c8e..e3624e06cc 100644
--- a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
+++ b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdc15aff-343a-4de6-bec5-821e435cfae9",
+    "id": "bundle--3e097691-ef5f-45b4-8a98-a70f6f024818",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
index 09c08e9ab9..a18947428c 100644
--- a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
+++ b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--150f6b61-9070-421c-be5c-eb4a5bee5933",
+    "id": "bundle--255dcca1-47c3-4c07-9281-61067d33f4df",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
index 516e20426c..02a3333517 100644
--- a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
+++ b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f366792c-f2df-4484-90bd-9cca52f19c1b",
+    "id": "bundle--f5bd1f32-a6dd-4448-9156-a64e5c139b5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
index 0f7c42b88d..c1f8f75d52 100644
--- a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
+++ b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cac9f70a-6c25-4f03-9596-5f46dd9d1c2b",
+    "id": "bundle--37a27a6d-13fb-4dc9-b354-be8f252e16be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json b/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json
index ff0a6f3b15..752d3e8342 100644
--- a/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json
+++ b/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0821ea2a-63d9-4e82-9914-244041f79616",
+    "id": "bundle--b697a258-8821-4f80-9a3b-87cd6a1469c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
index be96a8eded..c9af084619 100644
--- a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
+++ b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2adb8e4b-8566-4492-b38f-8eefcb7ac6f7",
+    "id": "bundle--48223e83-bb64-4b6b-a27a-e394ad1f0cf8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
index e290d52d2c..be15a22e04 100644
--- a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
+++ b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1c93a12-aa7d-4025-81a9-0bdc8c3e2ff2",
+    "id": "bundle--f4e0d36e-c6c4-40c9-ae98-de5048d2ecf4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
index 2b3044af72..ab3dbdff2c 100644
--- a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
+++ b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6201c758-5f02-4e45-b392-f6e2a3c61f0c",
+    "id": "bundle--5b8a8faa-fef8-4dad-825a-3290c6276108",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
index 18a650af6b..0145da4c83 100644
--- a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
+++ b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73863de2-3734-4677-9fa3-e8587b5a27a3",
+    "id": "bundle--c0664750-205a-42c7-a47b-180df98dbc6a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
index 8998da05ce..b9b97f8e17 100644
--- a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
+++ b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebdc5f0c-173b-4e94-bb39-732deb390db3",
+    "id": "bundle--6da5460d-193e-4fbf-adba-2a88f9e26f05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
index 5f21b9f13b..43ee1ea0ce 100644
--- a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
+++ b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e45736d8-27be-4b76-ae58-dda69f2234f3",
+    "id": "bundle--07eb8818-880b-4f49-abf0-9437ac756231",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
index 613b02a93a..3a856b8d9e 100644
--- a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
+++ b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e362cda-82ad-4a93-972e-1f225aee2709",
+    "id": "bundle--08d0ef48-9b3a-49a3-81a7-bf25cb5971a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json b/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json
index 6276968348..f7ca4de8bd 100644
--- a/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json
+++ b/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a66ab8f-4285-4ee6-b934-fd610fa45b8a",
+    "id": "bundle--f5bb3094-ac4b-41e3-a63b-da99b5442f3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json b/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json
index db004166f0..8838fa3d82 100644
--- a/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json
+++ b/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--411253d1-f74d-4642-9269-e3d2e94aab04",
+    "id": "bundle--96658283-f521-4778-a2b1-3cd1aa831891",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
index 18c9a9cf8a..e9874b6b63 100644
--- a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
+++ b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9804c0f4-bc7e-4d8d-b127-66680f48c011",
+    "id": "bundle--61800237-de2b-4e6c-984f-3ad21b6952e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json b/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json
index f52925cd2e..9658162c45 100644
--- a/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json
+++ b/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90ddda7c-2011-4257-9816-087af29a207c",
+    "id": "bundle--748d8ec6-d4b6-4a6a-bca2-c635aef35041",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
index 6d8a72cbe2..bfa05dcfd4 100644
--- a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
+++ b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b80b264-f870-49ae-af9f-e65c62cd3b94",
+    "id": "bundle--f0eb139c-a828-496e-b7cd-9181a819194e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
index 4e79c98882..b0bb9c8012 100644
--- a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
+++ b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64751b33-1461-4652-8172-0d6aa8e2b375",
+    "id": "bundle--f89cbc15-c666-42d8-bcf1-2a613fa474e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
index c537290819..190c25d933 100644
--- a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
+++ b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1736020-55f7-4889-b4b3-36833b3e3c48",
+    "id": "bundle--45a25033-6c92-47ed-91d0-b2391d5d2e12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
index cbf42c1531..a3a51a013d 100644
--- a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
+++ b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--915e1579-ca84-4a3f-b105-99b5adcea434",
+    "id": "bundle--d6df25a5-2829-40c8-9203-956361084ff4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
index 29bc4d4a29..2f53a1505c 100644
--- a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
+++ b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9edd6897-b40a-4fe7-aea2-7a73af59c727",
+    "id": "bundle--6d6f357d-dd09-46c3-bea8-68703ec20c46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json b/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
index e78b153366..f6e2b569a5 100644
--- a/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
+++ b/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1800f62e-3af1-4f28-a01d-5cfa884f4c32",
+    "id": "bundle--84d36c5e-50d1-467a-9e02-51738ffd6489",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
index 29539580bf..d824395b47 100644
--- a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
+++ b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0cc4564-2b88-4dd7-b24a-3b2f9c6126d4",
+    "id": "bundle--5c8799cf-2c12-416f-ae27-2329e84c7ef0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json b/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json
index 40cd374ebd..ec881fbd2d 100644
--- a/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json
+++ b/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a7a5749-51b5-4811-94e4-a42671302420",
+    "id": "bundle--9d4a00ed-7610-4ad4-b337-b12fe84a505e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
index 9915c81380..de699777ea 100644
--- a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
+++ b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--57e819c5-5132-4150-9c95-2660b2026ef9",
+    "id": "bundle--fc2afe16-ea52-494f-986a-7991e4c79183",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
index 3bac0d5c99..ad27ad22c8 100644
--- a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
+++ b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f88e9624-2ce2-4a19-b399-3a087709b617",
+    "id": "bundle--ae7a03d0-4d07-4175-bdf9-a98c68b4c8ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
index eb8df40c1f..20ec1fba28 100644
--- a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
+++ b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71cc0453-719f-4887-b728-ee8e4411c206",
+    "id": "bundle--7a3e97d5-42b7-4aba-bc85-7a4d10cc4392",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
index b89e28e471..70d62fc7a6 100644
--- a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
+++ b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0dc28436-95c6-46fa-85fc-868d2fd5a63f",
+    "id": "bundle--d85c76a3-8267-46fd-ad78-2179a4b70535",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
index 06155bde7f..ad0387f304 100644
--- a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
+++ b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9f579e15-b4b3-4ee1-9d52-87489deb478a",
+    "id": "bundle--d1d66846-884a-409d-92c0-aaa795b4ea68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json b/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json
index 8d9d70736a..0a5cdbf895 100644
--- a/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json
+++ b/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb047d62-e27d-4526-9975-6898cdc38577",
+    "id": "bundle--fb8c0766-b584-410c-bd67-f3b04ae7a976",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
index 8c2627b045..61782e8af3 100644
--- a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
+++ b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2704a136-88a2-4ec7-803c-eb5dcdb81c8b",
+    "id": "bundle--51630013-ab8c-4f2a-8d0a-7ab4314dc9fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
index be05e483e0..4572a60332 100644
--- a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
+++ b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8356d275-e8d3-4f5f-b0f4-4037110ff5e0",
+    "id": "bundle--007b7cf6-19a0-4ab8-b471-63c5a526ff6a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json b/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
index 56dd4b644f..232e5ada86 100644
--- a/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
+++ b/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--08587932-8c42-478f-8dfb-1d25c5f1641c",
+    "id": "bundle--5103f4ef-3d79-44ce-9ce3-eaf3323b34d1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json b/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
index e264858dde..96cea5bb7f 100644
--- a/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
+++ b/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d859bd48-ed29-4a85-b735-2430457ce260",
+    "id": "bundle--5b562db6-c3a1-4652-8635-ff1f70e623a5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
index 3d204638ec..c03ed1c0ee 100644
--- a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
+++ b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--be96b46e-9400-4387-9be6-c975ee993b06",
+    "id": "bundle--78e4dc75-118b-4b40-a0fb-e0494abf8072",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
index 8357ba27e2..0d5acfc77a 100644
--- a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
+++ b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b451b2d-a77c-4c17-97d1-4c418efcabd2",
+    "id": "bundle--224f0965-33e0-4da0-98f5-43eacb7919b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
index 2fff04de5e..0cf55d24db 100644
--- a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
+++ b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5004772-0ee8-49f0-be5c-9c292ac41338",
+    "id": "bundle--d7c022db-cf5b-4115-8760-8ac622221e40",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
index 573cf593ba..dcc0ba8894 100644
--- a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
+++ b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b6c5f975-96ee-419e-b59b-7d8b6bdd876b",
+    "id": "bundle--920bd556-b394-42a9-8e33-f559400c41b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
index 149b384606..1a3ad0d788 100644
--- a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
+++ b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6dde74df-927d-4d29-a292-494b2d006dfb",
+    "id": "bundle--b48a9b47-0886-4807-ba99-05e2938f726f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
index 1dc853aeed..9bbce73b4f 100644
--- a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
+++ b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--48c0fae8-b3f8-4ac7-b925-fa6f3604c5b5",
+    "id": "bundle--4f42df94-df8b-4c3c-a1e4-179219c36f94",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
index 8f1c936aa4..ccf8e052df 100644
--- a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
+++ b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c7d53e40-b81f-49b0-ba7b-a206dcd7ec09",
+    "id": "bundle--970dd269-e2cd-4e13-acf3-239458a18147",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
index 9554bd4631..e249839284 100644
--- a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
+++ b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9bd47aae-33ca-4609-9266-5954f9a1a163",
+    "id": "bundle--c98318a2-f8c9-45e1-9580-0d3ae408b317",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
index 7bb16ace5e..8d6fa49a2f 100644
--- a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
+++ b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b467e621-fee8-44aa-9d43-81f0c5188f11",
+    "id": "bundle--22ce9ec4-a1aa-42df-8077-65b33b734ba1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
index a8a916d569..d35a33904a 100644
--- a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
+++ b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef645710-290c-4259-bb0c-88a8e503bf5d",
+    "id": "bundle--59b2f861-d4f6-4841-bcda-bb4f615c97e6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
index 828135b1b3..b8f30d2c14 100644
--- a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
+++ b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79a63ed0-08a1-467e-bde7-b0fb16fa9898",
+    "id": "bundle--d3822dfa-cc0f-4c5e-9d58-e3af59ebbeae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
index ea34acc69c..9351b08448 100644
--- a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
+++ b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a39dc00-0a8b-4844-b5c5-49ad4be595a1",
+    "id": "bundle--404958e0-0e99-49b4-b858-23119c87c20e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
index cb2a7a121c..f1ad7c1f33 100644
--- a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
+++ b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fcc4c96-f86d-45b1-8286-4f400ccc68cc",
+    "id": "bundle--16124fbd-9998-4333-b315-9cc426e6dcc2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
index a84bda9bd1..c44526da80 100644
--- a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
+++ b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d872e97-1627-46d3-9657-eb452c26ce06",
+    "id": "bundle--40227b84-9e52-417a-b845-e59980fb49cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
index b4beacaca0..f2c9cc5884 100644
--- a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
+++ b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52b493cf-08d4-4c65-8ecc-f2f3c234e9d1",
+    "id": "bundle--b7cefb07-268e-41bd-b52a-705dce500f59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
index e7648d2f85..72360bcc47 100644
--- a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
+++ b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d858dd5d-3532-4aa6-abbe-35eabd9fcba5",
+    "id": "bundle--1a527685-3b07-45db-bc83-21f9d3ad2eae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json b/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
index 57542874fe..75d58b8e2e 100644
--- a/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
+++ b/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dcc3a879-6097-4de7-8d67-f59dac46b2d5",
+    "id": "bundle--d205204d-62bd-4b01-80d8-ece9ff390d9e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
index f0ce51c0b2..07bef4fe8e 100644
--- a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
+++ b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2ede914-7513-48b0-ade0-5d0d03259f20",
+    "id": "bundle--39ec8ff1-21f6-418f-9889-34ddd59235d8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json b/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
index 8e77f19ae6..db4893a639 100644
--- a/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
+++ b/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f0b0172b-df6a-48a8-bcd4-68e18b1a3ce9",
+    "id": "bundle--d17d84f2-281e-47a1-a443-f380fe8c87f6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json b/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
index eaf8129efb..40ce548c10 100644
--- a/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
+++ b/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--abac0546-e14a-4d13-a840-c669ebaabda0",
+    "id": "bundle--99ef01fc-3062-4933-8152-d5c79ddb877d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json b/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
index 6088a4f526..6dd011f7c5 100644
--- a/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
+++ b/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdf0185d-4014-4f3a-9368-0389ddd0febc",
+    "id": "bundle--75869263-4813-4106-96a7-9cd4fe61bc56",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
index eac1615fa2..aa5d042cad 100644
--- a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
+++ b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5000f9ee-013c-4a8e-ac43-681b86d98eab",
+    "id": "bundle--32240539-a416-4670-8e60-62aa0d5fedcb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
index 51d1bd63e8..efe7fb9002 100644
--- a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
+++ b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d2b7845-5a1c-41a3-b046-e6bb2156f16c",
+    "id": "bundle--bce5a293-6134-4157-b8d4-6e6d23f5a100",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
index 9e50454356..9c75d5ea73 100644
--- a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
+++ b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06ce3f96-a931-4493-a331-69fb4513b073",
+    "id": "bundle--b74b37a7-ef49-4134-90ef-fe30e9f14f68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
index a94c7b2717..e7a09150e5 100644
--- a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
+++ b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53ce87b4-86d5-4111-8cc1-1ea0bfe852d3",
+    "id": "bundle--a528dcb5-f69b-4846-87e6-3657037d6b77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json b/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
index 5cc34db923..2d873e15fa 100644
--- a/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
+++ b/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e47d220-7b93-4fb6-bf8a-0628bef3c0df",
+    "id": "bundle--17fa6a7d-9099-48ca-a3f9-c22363f6cd30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json b/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
index 22d2c1210a..932c9e10e9 100644
--- a/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
+++ b/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0944987-a2c1-4977-9c4c-1230c37c05c4",
+    "id": "bundle--a4aab5f7-0f4c-4e5b-b875-e348192c637c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
index ed6bce5bdf..a4fdc906e7 100644
--- a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
+++ b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99fd7d83-ac8b-4780-923a-139dd39697df",
+    "id": "bundle--9991527f-afbc-4c53-a50d-7e445d9cef8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
index 940ee1e331..cd4e7ff197 100644
--- a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
+++ b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--926659b4-61d4-4d73-9a6c-7ce72353546f",
+    "id": "bundle--e91a3e08-a818-4415-862f-6aa69c6712f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json b/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
index 5050f8ca09..74e19b9978 100644
--- a/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
+++ b/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b989e99-cbb4-4354-828c-63aedc5f994d",
+    "id": "bundle--2a058822-b7b2-4d85-98a2-d97f62d5053d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
index 98516c3c2e..7fa907fe8b 100644
--- a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
+++ b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a4cdfff-c090-4d35-9423-4bef6989d514",
+    "id": "bundle--626b6045-bee5-4a18-ba9a-ea59e5be2e71",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
index 51311ad48f..3adb5643d9 100644
--- a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
+++ b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--abcf7092-d63d-4a85-a32f-1e4f603f448e",
+    "id": "bundle--d319adbf-982e-4cb1-a4ae-4acf9f70551f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
index 930b5358a8..c94dbac1aa 100644
--- a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
+++ b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f06efd5-5953-47b7-8e48-12eca602ecc3",
+    "id": "bundle--fb17332a-0864-48cf-90b6-2b1fa5a2c0e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
index dbfa6a466c..a3f3d053cb 100644
--- a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
+++ b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a7f31c3-eb2b-443e-80a5-3078e690f506",
+    "id": "bundle--6650b49f-c8e8-4a6d-9905-2878f2503ed4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
index 648b8ebed7..28606a10ed 100644
--- a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
+++ b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--08513a50-505f-4a6c-b55a-018aba6ec611",
+    "id": "bundle--488fbaf9-cd47-451d-b5ae-c9dfa0138d9e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
index 465f5640da..cf68f79567 100644
--- a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
+++ b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03c882d2-d992-4c8c-a421-f7e9e52801ba",
+    "id": "bundle--98322ba6-4285-4bb5-8d8f-121c9c141a92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
index 3b2b0f5a74..c238fa07d9 100644
--- a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
+++ b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3de346bf-412a-45e9-814e-c6fdd7f4ac64",
+    "id": "bundle--0463568f-d697-43f1-88af-30b1fa937875",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
index 9d4ae5a85f..fff84c33fa 100644
--- a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
+++ b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3109a78-e6a7-4be2-8c54-4f76d086388f",
+    "id": "bundle--2cda37c9-44b2-40e0-9114-20b243cac53b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
index 0534149e4e..24591a1da3 100644
--- a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
+++ b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8d4f61db-7aae-4fa0-b234-9dafb5657373",
+    "id": "bundle--7bd22d3c-5025-43c6-8326-68b62bbce22e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
index b859ca9b42..8f8105b385 100644
--- a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
+++ b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fdada771-371b-4532-b6a4-f0fb9902b42f",
+    "id": "bundle--f22e4cc9-6d54-4c92-b270-15bda00d7952",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
index a3c166b8d9..93b19cfcf8 100644
--- a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
+++ b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9689e0b6-06ea-4d3b-81e1-14d54a16806b",
+    "id": "bundle--fa2463b3-2c1a-45ea-950c-4885f8f054c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
index 01aee6dea8..4af653bf80 100644
--- a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
+++ b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0ea2b6a7-35b4-4bc1-8068-17956be87f1b",
+    "id": "bundle--f04d5061-128a-43d2-88b3-5bea922616bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
index 072432b701..fa780b93c0 100644
--- a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
+++ b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ede3832a-7491-49db-bb19-24740d2eb047",
+    "id": "bundle--1eb01ad5-c3a4-4d7a-bdd8-4b4de78c0dea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
index 60febc27a5..dbeb8ac8f4 100644
--- a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
+++ b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--465835dc-bfea-47f9-978b-08b7c73ef52c",
+    "id": "bundle--e71dc83d-d284-4367-99f5-1d776b9735fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json b/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
index fcd8ee8e6b..9f880dbfd2 100644
--- a/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
+++ b/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4676844-a790-4322-8ac9-19fb5959b967",
+    "id": "bundle--d30f98e1-f73a-4f23-9e0a-9e4f654e1d26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
index e868c932e9..3888151521 100644
--- a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
+++ b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7285984-7cdd-4966-a10e-566545a016eb",
+    "id": "bundle--26ce5edd-f935-49d8-8d0c-78a3a893df27",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
index 7e745b95b1..b883741fbf 100644
--- a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
+++ b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a3e26a8-b6e2-4901-b939-af0473df313d",
+    "id": "bundle--401f5580-5ab9-4844-847e-af5c975a0471",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
index 5ae0032ee7..a204b88976 100644
--- a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
+++ b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--323c0487-e789-4779-ae0a-a10196c4caf1",
+    "id": "bundle--d1dca690-0a72-4f55-8032-edea1df830eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
index c5e9c71bcc..f2aa1e6bc7 100644
--- a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
+++ b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e880911c-84e4-408e-b605-86e104d2d5fb",
+    "id": "bundle--8fab4e6b-3a0f-4cdc-8fbc-d363ecd422e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
index 81fabebe20..6cb6ab7b2d 100644
--- a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
+++ b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b981a93-ae81-46ac-bdc0-e98373c2259c",
+    "id": "bundle--ce25419a-3655-4586-8b79-76b64453c4e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
index b5d211ad17..e3ee66cfa3 100644
--- a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
+++ b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ab5ab58-ea1c-443a-b2e4-f9a74ef70a24",
+    "id": "bundle--da2a9fd7-1f12-439c-81d6-c01b7ccd6dcf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json b/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json
index d5a589e9f0..808691aa3a 100644
--- a/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json
+++ b/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8eb332bd-59fb-4ef5-8acf-ecb5391d7365",
+    "id": "bundle--e3ec1ca8-40eb-46b1-b094-c00fa2d231f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
index 461d943f65..9d45ac17d8 100644
--- a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
+++ b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edbfbedb-123a-45d6-b325-9a31cebbc4e6",
+    "id": "bundle--185e2aaf-b391-4c33-824b-a6711b9bd55b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
index 77b85e6936..00e65ed6f0 100644
--- a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
+++ b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d468995e-273a-42d1-a286-a552662ccd6f",
+    "id": "bundle--d7c4ba06-0c64-4a78-a12a-a5fbce6e7329",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
index 11d45a25d7..9803403d85 100644
--- a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
+++ b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3613a213-8a76-4b48-b94a-cd064aa80b5e",
+    "id": "bundle--2015d265-fa4a-485b-8260-d7fa5cd0da4a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
index e9e3ef46fa..c4d9f41bdc 100644
--- a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
+++ b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--234fd797-9c7b-4388-afd6-b4533f3711c6",
+    "id": "bundle--c061d4b0-7845-4bc8-a49c-488c2c36eaf4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
index 77c36b2edf..8ff280550b 100644
--- a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
+++ b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5293560e-09af-4f65-837f-d26a779849d5",
+    "id": "bundle--ab5f5732-914c-4c4f-8a40-a6da86e43622",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
index 102f700c62..1052248461 100644
--- a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
+++ b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--18e8a27e-7c36-44f1-90a9-7ce8a0cfaa80",
+    "id": "bundle--9c7e1ddf-9995-48d1-9483-15998035110e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json b/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json
index f987ce9c50..3b2a445183 100644
--- a/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json
+++ b/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d37ec12f-26be-4e8d-93e6-36f766aa41e7",
+    "id": "bundle--aee84481-0172-445b-939e-a3af2bdfc0c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
index bb2d9fee2b..1039071d8e 100644
--- a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
+++ b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b2a82e5-e4a4-48b6-9ac3-6004ce64e8a7",
+    "id": "bundle--f2b6ef2b-638d-4fa2-96d2-fa971c1b8a9c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
index 33c77e2783..1d7aed2052 100644
--- a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
+++ b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b54e574f-a83f-472d-b765-1e5256c8e2cc",
+    "id": "bundle--85142859-e24b-422b-9b00-a771af319b05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
index f36a9ed2a0..f8f5f519d4 100644
--- a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
+++ b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--acba4480-2f11-46e8-971f-63cfdde634e7",
+    "id": "bundle--616be966-1948-4297-90e5-596631d3189f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
index 335a75c45a..d7f335b9b1 100644
--- a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
+++ b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e568c07-3612-4f8c-9dad-6a97780156a3",
+    "id": "bundle--6502ef23-b852-4e35-9f76-898cd812d1a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
index d9c032e6d4..5128290fa4 100644
--- a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
+++ b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61021e5d-50f6-4cc2-8262-4e6de1763948",
+    "id": "bundle--ef019cc4-d575-47ac-9962-917ee1b1676c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
index 1192c7f944..45711ee7b7 100644
--- a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
+++ b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--464f22bc-0ba6-4104-8e67-a83c772e029f",
+    "id": "bundle--e9337296-007f-48e9-a2b5-04da652e7eb4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json b/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json
index ea462adf19..5a18140d25 100644
--- a/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json
+++ b/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9a7fd70f-128c-46bb-af5c-4cbdb10aa902",
+    "id": "bundle--76535428-89e0-44c9-a9a2-6cae9ee1a4d8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
index b37f136e86..5424c42a92 100644
--- a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
+++ b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ce0aafe8-27d0-420e-9359-eaaaa4d83b7e",
+    "id": "bundle--70c4431c-5990-4b82-952e-60baece0718a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
index e02dbb8830..9a96545594 100644
--- a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
+++ b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94c6a3ce-1ba0-49e2-95d1-aae6debda2da",
+    "id": "bundle--c54bbc9c-ec2e-48ad-929f-2856270a2063",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
index 77304122e5..fa57866934 100644
--- a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
+++ b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ddbcd00-f616-450c-a87c-7767cd22a442",
+    "id": "bundle--c94fb5cc-67f8-4705-a69b-d75f9a75ad35",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json b/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json
index aa1776f7af..75a3b75aeb 100644
--- a/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json
+++ b/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c6358879-6ba1-425f-85a5-ae4518d1fe6e",
+    "id": "bundle--afcd3874-00a3-424f-a57c-37798a8cba78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json b/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
index d817251c6e..2928199919 100644
--- a/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
+++ b/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b8c2295c-bb94-49f5-b702-6612902f3902",
+    "id": "bundle--56ebaf54-04b2-4217-a281-9fef7026df1f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
index 778e332f0f..2b71524bce 100644
--- a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
+++ b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3b40f81-ca1e-4775-8c5b-9aa2ddc0e1d2",
+    "id": "bundle--fd02872c-5333-4e3e-9af8-cb947e4d86b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
index 88f3cbf3b3..d36bc6d258 100644
--- a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
+++ b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e6cf887f-cb7a-45e2-b276-42f316b70d6b",
+    "id": "bundle--ff593ec0-0806-4d40-a89d-05c814cd4211",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
index dc1c1e8756..ad03ccabd1 100644
--- a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
+++ b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5fba727b-864e-4074-9a05-30e419a4732a",
+    "id": "bundle--07c2f0bc-5e63-42a5-966d-ee2937a6230d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
index d425ac0e2a..aab880d91d 100644
--- a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
+++ b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ae40bf04-51cc-4c03-9f68-b2409cdf22aa",
+    "id": "bundle--b8e058e2-8329-4fba-a099-fd054280618f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
index 359db4a704..8dbce25695 100644
--- a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
+++ b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--01cab9a9-54f8-4d2d-8a3c-755cbb199780",
+    "id": "bundle--d1e8c8fe-0003-4145-b81f-bc2e89dc0652",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
index 3356239acc..30d1a692b1 100644
--- a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
+++ b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72074b99-9357-4bbb-868f-1457e1c883f9",
+    "id": "bundle--1c0a08a0-8d19-4b30-9c80-fe8961a792f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
index 20013c4fea..6a55e88e10 100644
--- a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
+++ b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fae1b7ce-c5ab-4bc7-9aab-cab8412e85c6",
+    "id": "bundle--a18397ea-770c-4191-8736-aeae56d6a788",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
index bd2d80bef9..af15b0b1c2 100644
--- a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
+++ b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8215ce30-84c5-46a8-a8ca-05531db1802f",
+    "id": "bundle--169e24e9-ee8d-499d-a213-4987070af659",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
index 82efe5ee24..450cac8070 100644
--- a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
+++ b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2822960d-a89c-4c7f-b670-8ef13bd821a7",
+    "id": "bundle--ccfec82e-fbaa-4dfd-ab30-02c8768d3ca2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
index e16aa5c516..476f2736b4 100644
--- a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
+++ b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2ba3dcd-2d87-48a3-be47-e9f663d69ca6",
+    "id": "bundle--2a426867-24f0-43ea-9b92-e1cea3f09c6a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
index 612506168f..be1189fab5 100644
--- a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
+++ b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e1d2919-2723-4589-8e71-3c097b6e22df",
+    "id": "bundle--da575e00-2613-4d56-be1c-d195ecebcfc2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json b/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
index 2628200adc..25c4071874 100644
--- a/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
+++ b/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef84a23d-572a-4a4d-be3a-31fdb030a356",
+    "id": "bundle--0e4060b8-2061-461b-b7c3-1616a209b077",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json b/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
index 840ffcb241..4335d34f4d 100644
--- a/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
+++ b/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a34bf306-f093-4e99-b7c2-87aadc737cd3",
+    "id": "bundle--1aac08a5-6368-4010-b9ed-66e024e2fb36",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
index f4e5f578f3..7a7abb298b 100644
--- a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
+++ b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7cfaeddf-b2c0-4c46-93b4-7afe812d48ad",
+    "id": "bundle--d2139d59-6812-4979-891f-069359b28f09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
index f9405151d6..ecc043067c 100644
--- a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
+++ b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3fe16b6-a0af-48d5-bcdd-04141994724e",
+    "id": "bundle--1f9a60da-e4d6-4250-876e-297315684a50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
index 5d7ff4df31..86b56185c1 100644
--- a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
+++ b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b66e6c6c-0d5e-4c9f-a0ef-1278901a661b",
+    "id": "bundle--ff014d6d-b23e-49ce-b81b-f9d15ce1fe08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json b/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
index b11a04d03e..e8ae147614 100644
--- a/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
+++ b/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ab8a595a-7207-432b-8696-1f988b07ce4a",
+    "id": "bundle--66c95b7d-54cd-4662-8735-3a367d340073",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json b/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
index 9f0713aa7c..5df01172c7 100644
--- a/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
+++ b/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed1193bd-7aaa-44fa-8a74-915f5dc38403",
+    "id": "bundle--c1d42152-48d4-4b17-80ea-0c6499d12624",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
index aa42bd8df6..22bf6d34d4 100644
--- a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
+++ b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1d0caa3b-77eb-482e-8a5f-1e137e4ffb87",
+    "id": "bundle--3589e96a-05e3-4afb-a7a7-d2d28dd81611",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
index 41ac5b2f75..4e34373bf7 100644
--- a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
+++ b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--62b7c3b9-b77a-43e6-86da-17d5d028cc94",
+    "id": "bundle--b17b7929-76fe-4bed-914c-4c98bb7deab5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json b/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
index 207c845198..94bfe334a4 100644
--- a/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
+++ b/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4a4e439-9b9b-4c76-9531-ee208c8d9e97",
+    "id": "bundle--7beb6e98-b92c-4ba6-9698-a5f55de1573e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
index 637a26a5eb..be6cde74d0 100644
--- a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
+++ b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3de86f08-bdf9-4f28-a135-c8020cf253c9",
+    "id": "bundle--2f44fc5e-e3d1-4ae6-a6c1-750ffe466b64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json b/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
index 4f20165eab..db4c9eaeac 100644
--- a/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
+++ b/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b5d9b081-9926-4560-9bef-046a193dba35",
+    "id": "bundle--00428b30-e29e-4a8c-8be8-117437f55872",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
index 3419fc6c21..dcf8989cd4 100644
--- a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
+++ b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--18b912cd-0122-442b-af84-4ae14dd919cb",
+    "id": "bundle--b21580fe-a1b1-4aa0-a460-9815eb595291",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
index ecc52bd7d5..77e86ffb72 100644
--- a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
+++ b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8920f877-65c0-4c1a-b8f0-40d0e3cb0902",
+    "id": "bundle--a4812ce7-512b-4a66-9998-996328051a5a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
index 6bc5b6ee6e..236bda5f08 100644
--- a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
+++ b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f69d12f8-0fd1-439c-ae6a-9469af364967",
+    "id": "bundle--935ca776-1a7a-44cc-a231-8d791b03c81d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
index 213669aaef..54d85b4ed8 100644
--- a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
+++ b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--28e1d79e-ac5d-4876-84c4-cf8d0575a21d",
+    "id": "bundle--b5d31a52-f427-458b-ad7c-75e2d3d0aa5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
index 8a96d0cc39..13ccf25685 100644
--- a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
+++ b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff6f1946-7745-49a8-8ee9-27e962ce83b9",
+    "id": "bundle--70ac75c1-a759-484c-8e8d-5c47265f4b81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
index 83b67c5f19..7c93151a31 100644
--- a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
+++ b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dc01c53-34df-4a6d-959d-7e3c38a79982",
+    "id": "bundle--5b26a41d-1370-4603-83c2-5610f9c426c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json b/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
index d6aee74c44..74b6568309 100644
--- a/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
+++ b/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7e7c340-54ed-4ca1-b75e-7410fc1366d8",
+    "id": "bundle--d6cdce79-44e0-4c63-8420-0891c614de8d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json b/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
index 6c8b80ecdd..e4b915daa8 100644
--- a/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
+++ b/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b97549a3-00c7-47bc-a7e3-76f8f6ef2983",
+    "id": "bundle--df59254b-bf78-46ef-a402-e9c4a50c094f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
index 08bbf25252..aed53d64f0 100644
--- a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
+++ b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--325b0c6b-153c-480f-9871-fa3b1714100a",
+    "id": "bundle--426aa757-c16d-4af4-ae18-07821ed2e11b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
index edd6831898..01e10b371d 100644
--- a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
+++ b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aea763e7-e77b-415f-854c-a1c21d25b3d8",
+    "id": "bundle--8f03c01f-fccc-4d5e-b309-ce4c72c3bc08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
index 1beb6e916f..0f198cfaea 100644
--- a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
+++ b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--873fd4e8-9d2b-4756-9126-6f3caf16203c",
+    "id": "bundle--bc4e2938-ee81-4e4d-b6e9-d7283d09bff8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
index d7b4045596..22731bae95 100644
--- a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
+++ b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3b37c25-392e-42ce-9a4c-0609dbb5c02d",
+    "id": "bundle--0fc5506b-2b67-4f18-a49b-f32eefd0888f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
index b5565b7804..41d3b5f945 100644
--- a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
+++ b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c1c8564-ad74-46ec-9aee-4004beaad5b5",
+    "id": "bundle--1c0586b6-1c26-41d9-ae22-a32803fa499a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
index eeb0d25aa0..d04df7f0f6 100644
--- a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
+++ b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bedceeae-dcfd-4390-98c6-44b4bd753022",
+    "id": "bundle--0d0ff3c4-88e6-4e84-b014-27b1ff1bdab0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
index 508246fe26..fef87dc5a1 100644
--- a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
+++ b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b837f25-98ff-411c-a87d-1bbd37f49c8c",
+    "id": "bundle--ed193e26-d5b1-4c31-8ed6-8283f7aa9430",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
index 859bdfb8a0..534f383ee7 100644
--- a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
+++ b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c4e0ae2-a033-4d1d-8f19-8059181043c0",
+    "id": "bundle--f06f4817-3e8d-49fb-b6d5-361d043e3537",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
index 72af8da15b..5de84e0dc7 100644
--- a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
+++ b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9eec6bff-3708-4e7d-8d3c-7b6d69b61020",
+    "id": "bundle--1bfefb07-3b97-4f1f-9ab5-698ef1f556e8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
index 28b9a2fada..5a786d88c3 100644
--- a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
+++ b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aaec0d06-230c-48ca-8cff-d5a7d1d04b99",
+    "id": "bundle--c5c90942-13f2-4ad9-bdf3-d726c70bf564",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
index e0bc8a0ebb..c4a7b80d9d 100644
--- a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
+++ b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdc235ab-9c4a-43e3-9b86-8b801bb21639",
+    "id": "bundle--0692cc50-4489-4278-b8f4-a3fcc6bd1d54",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json b/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
index cbe81ffb67..2331ae735b 100644
--- a/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
+++ b/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1e8728e0-4fcc-492e-91bb-4cf0d8464802",
+    "id": "bundle--48c6553f-378d-4d9c-b96f-007dba432b75",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
index 2f8f346c45..421005bb23 100644
--- a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
+++ b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fa78167-29ad-40bc-938d-9024ea3d312c",
+    "id": "bundle--b88b9c63-3dba-40d1-b7dd-a93db62eb877",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
index 40fe9f2a8d..e0e52a3fa0 100644
--- a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
+++ b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b7481d9-b4fe-4028-9553-b7282e6ff60c",
+    "id": "bundle--1aae73bc-9da2-4ddd-9f42-c05b533b702c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
index 93a15c4273..cb0aa57c01 100644
--- a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
+++ b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8007f53f-41be-4516-82aa-9c69f5af08d6",
+    "id": "bundle--4bfaf6a6-3d29-4b63-9a0c-fd5e1dea597c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
index 0fb36fecf2..13defa6961 100644
--- a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
+++ b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c836ab8-ce26-4eb2-b6bb-e01b41b1c370",
+    "id": "bundle--e25f8bc6-99b7-4fe7-a939-01ebd1addbe9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
index ed9f62853a..f6456be32b 100644
--- a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
+++ b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65ef0d79-2a21-4cbc-89b4-ff262b726b35",
+    "id": "bundle--d63a9dcd-b0f6-497b-8e73-77501d3bff5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json b/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json
index cc7d05c528..ea15797d16 100644
--- a/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json
+++ b/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9123a32e-f48e-4fd8-926f-d01df68821d3",
+    "id": "bundle--29f26d97-0ade-4628-9625-50751d587bfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
index 33c9b1e2bf..333365ec7d 100644
--- a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
+++ b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--45cb0ee5-cd19-4656-8891-e78a89b7db6b",
+    "id": "bundle--156743a5-7198-4b10-b825-210f4e9b556b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
index 63c29a3ce0..1e296dccf7 100644
--- a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
+++ b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4c2c767-106c-4357-8dbe-ddb016e6c5f6",
+    "id": "bundle--400a4770-6fde-4ad4-a2d3-f3bc6b708759",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
index a4b4f4ee4a..a446da6e34 100644
--- a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
+++ b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--01751c1c-4f6c-4f0c-8550-337b1403a36b",
+    "id": "bundle--f3798ee1-d75d-46bb-8c19-4ac8e9a372cb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
index 5e369a6407..f6b172a9e4 100644
--- a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
+++ b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--199ae678-07f7-4d81-b2d5-12c0a0e2ea0a",
+    "id": "bundle--e92a2c8b-a0db-47a4-966b-5a08086a58cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
index 89e53d5bcd..e2264e9544 100644
--- a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
+++ b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e49dadca-9ba2-4a63-b78d-fe561ba14ad7",
+    "id": "bundle--b322aae2-8485-4903-8809-2af6152dee2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
index be1140c4b5..8e058f58c5 100644
--- a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
+++ b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b1267ee-6572-43b1-832c-f6498253b733",
+    "id": "bundle--91c6e5e7-4035-4fd4-80f9-efcafdeb209f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json b/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
index d1082a7918..7e39c5974b 100644
--- a/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
+++ b/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0fe8ff3-73cb-4f28-897b-e34fb72ebd00",
+    "id": "bundle--622248f8-a55e-4ea7-848f-56920dfcbd28",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
index 3b0d79e1d2..ffb60b98c5 100644
--- a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
+++ b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--293c65a6-04d2-441c-9bc7-9bb658d11b43",
+    "id": "bundle--34741ac4-533e-4630-969a-c730c8ea6855",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
index 9ef3ae5148..7cb58f82a6 100644
--- a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
+++ b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--729169c5-d840-49da-8dae-b2a908feb18f",
+    "id": "bundle--27056a17-1c10-4c61-9674-b0e52d80bad0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
index 533065e0ae..7c0f969998 100644
--- a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
+++ b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c55ce305-2f93-49d9-b01c-0d7bc97da8ae",
+    "id": "bundle--b8e7ab98-b97e-47c5-8fde-d5cde385f072",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
index a7286a72d9..7557b983f4 100644
--- a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
+++ b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f49f0f7-e314-4667-bdb2-e269c3ce3fe4",
+    "id": "bundle--b3675505-ffe8-40fe-860c-326c5a6ef3e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
index 3b26508312..e1bc8f5d6d 100644
--- a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
+++ b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb79d512-7dfe-4063-a006-c328be76e5fa",
+    "id": "bundle--b0dd62ff-692f-4828-8243-11e766bf1fae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
index 7efa0b774d..384349d0b1 100644
--- a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
+++ b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--866e9805-aef3-48ba-8689-06f4bb8685be",
+    "id": "bundle--d2c1630d-3be7-4f65-a3b8-9c32372923e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
index 79c59c3def..47b4acbd5c 100644
--- a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
+++ b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e6d1640-4cae-47b8-bc0e-e796338379a4",
+    "id": "bundle--f4328a5f-abba-444c-b43a-1ba83e954f0b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
index df428de73a..fd3eee63e8 100644
--- a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
+++ b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--682c93ec-cca3-41df-bbbb-63dbbe31a4d7",
+    "id": "bundle--2315f47a-25d1-455a-bc95-f583ed572eba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
index 7d53700725..db72593ca3 100644
--- a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
+++ b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2a37f31-e9ef-4a69-87b6-bd056d8e78e5",
+    "id": "bundle--17f2fb75-3cbf-44e8-b782-299711ee87a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
index 31ac7718fc..bbe50f8f28 100644
--- a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
+++ b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a80a718-b73a-45fc-bc71-a32d5c871d64",
+    "id": "bundle--22390766-7c21-40b2-a2cf-8f23625dd162",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
index 6bd8a4403c..d1c3ad5792 100644
--- a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
+++ b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33900fb7-ce72-4f06-a24b-3c9c90f8e097",
+    "id": "bundle--e62d6218-3634-4d28-a93a-f7824ef332e6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
index 186616f1d8..997f3b601e 100644
--- a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
+++ b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1afb895-9228-43c0-9751-6c7165736115",
+    "id": "bundle--d542005f-4191-4ee5-a9b5-f0f19a738789",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
index 8792d3e777..839d9c1314 100644
--- a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
+++ b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eedbc1de-31d9-49a5-aaf2-9261008c2dec",
+    "id": "bundle--9bd0317d-c31c-42b0-a3d4-bdeb2d8f3caf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
index 06bbb088eb..b18d117bff 100644
--- a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
+++ b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0412fc6-79e4-4268-a173-a35c240ea1f6",
+    "id": "bundle--81aa560a-c7d7-42a5-be3e-a3202bb992cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
index 0465198c07..ac51904260 100644
--- a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
+++ b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64dbfbf9-6943-4c34-be6c-05865ac3eb21",
+    "id": "bundle--72007b15-535e-45d4-b168-1052f33ef97c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
index c20a1d4fe0..351c9ae690 100644
--- a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
+++ b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de5c6783-0dac-48aa-8b46-6b72355b4e04",
+    "id": "bundle--c3b4d137-c713-4582-ba2b-9617f4a5b22c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
index baaa29fd23..a2eeed1261 100644
--- a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
+++ b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56a384bc-8e6e-424e-b346-db101075cac1",
+    "id": "bundle--07f263a2-0ede-44ad-95c8-8c034b001420",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
index 7aada2e706..dd50feb551 100644
--- a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
+++ b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c4385a2-d5f1-417a-8da5-546e647703e2",
+    "id": "bundle--a39fac86-6379-4edf-b2a0-0c1baa335c49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json b/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json
index ab06b74e59..7b15859775 100644
--- a/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json
+++ b/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9ee02b6d-2734-4bc9-80cd-aa14e5385685",
+    "id": "bundle--cdd6dc2f-586e-4832-9295-809e337ce2cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
index 7fe63d46f5..2bdf350f23 100644
--- a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
+++ b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6035dea5-3acb-4137-a921-1ee5a8916a28",
+    "id": "bundle--45171e8d-065e-4eb1-b5f6-f074cdcd4efe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
index 0880083b80..8c9de5f5a4 100644
--- a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
+++ b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--36cc113f-57a5-4e01-913b-43b1d05cfcd6",
+    "id": "bundle--06d25116-8bf0-432f-a685-ed55df530bc2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json b/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json
index 216de03a97..0368ad7370 100644
--- a/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json
+++ b/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a80cb2c-15cf-4305-91ee-50fa61c3b974",
+    "id": "bundle--0d8c2f2f-18c7-4e1b-94c1-8a682510803d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
index 3aba93c8ea..7b39d473ec 100644
--- a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
+++ b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f21d18e-05b5-4992-8089-fa3021a589c2",
+    "id": "bundle--678fc002-77ab-49e0-8464-7be3eca16958",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
index c75da0ba70..9dfd079877 100644
--- a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
+++ b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--572bb625-7fb5-4fa0-b431-761859b131fe",
+    "id": "bundle--72ad6498-ca56-4a44-b5eb-f56e35d7421c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
index da75ef6dc3..8d1d4973d7 100644
--- a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
+++ b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d649f0f-2c8c-45ca-a5fc-3c0f69460e5a",
+    "id": "bundle--01b14abd-4f94-4bf3-b20a-78e4ea4d0521",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
index 4b8926691b..cb5ecce1f3 100644
--- a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
+++ b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bca380b0-7815-4c57-a65b-35500fa5d2a1",
+    "id": "bundle--205c50df-af4b-4512-b501-dfbd0d7098a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
index a1962e6d7f..24cf8b94e0 100644
--- a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
+++ b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d45bc0bd-fc1a-4269-9d20-929769259d7a",
+    "id": "bundle--b9c8c71f-7316-4da5-ac03-1046c7f618b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
index 55685d6d6b..0966174f33 100644
--- a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
+++ b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9e3e52b-a337-4283-be64-1b3398f4f2cf",
+    "id": "bundle--8abd2558-4ba8-4895-895a-e484b3118b4b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json b/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json
index 30ce4b7fa9..22e430cc87 100644
--- a/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json
+++ b/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ce99c84-1f3d-457a-95c1-ab26b6374abb",
+    "id": "bundle--f81f3b85-b6d8-4d05-8392-0ff11547fb83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
index bc879d1a6f..8c960318b8 100644
--- a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
+++ b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb9178d5-f3f1-417a-b27a-8efdd52330a6",
+    "id": "bundle--4281301a-319c-4b15-85e9-469b10d34ceb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
index 68c242593a..57c2be3557 100644
--- a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
+++ b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c296fb2c-c9a2-4932-b0d2-48ed8a3c63b7",
+    "id": "bundle--77899ee6-54fd-434c-b00e-1d0c24576cdc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
index c9a2ac18aa..7b2feb953c 100644
--- a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
+++ b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b59b928c-463e-431f-8b73-3cf27989cd79",
+    "id": "bundle--31af4a74-09f5-4326-8d2d-2079df5b3afe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
index d7d9ec0ec5..81e18bdb9c 100644
--- a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
+++ b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--672df71d-75d6-4fd9-aba4-ec30cbf2b515",
+    "id": "bundle--2c1d0843-29cd-47d1-b108-a8fc59a22b08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
index e8e08d1e74..27ace50104 100644
--- a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
+++ b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c90e5eb-3ade-4362-969f-a31037093d47",
+    "id": "bundle--0dc746cc-d42f-480b-92c8-74d06c734743",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
index 90e61f0702..6d2e3c1cb8 100644
--- a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
+++ b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38c9138d-4b1a-44c1-bda4-cd1718296c2e",
+    "id": "bundle--d06b5107-e935-4b7d-aac1-8afd2872e78d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
index 34645be3fb..9445b86528 100644
--- a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
+++ b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4972aa4-0370-4cff-9910-74e898053214",
+    "id": "bundle--ae9e0b91-b3ed-4eec-87ab-4acc8af2cca1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
index 8258b6d98a..924e4fa514 100644
--- a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
+++ b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c6714fb6-d4ea-4e71-baf4-4c569cd6f218",
+    "id": "bundle--e9a357df-f4b3-4b11-b457-c1ee91bfebd6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
index eeac61dba4..35838b6066 100644
--- a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
+++ b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--255395a5-e962-402f-b652-41b57cf48512",
+    "id": "bundle--07900c15-e74f-4b99-afc1-808d032c57e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
index 3879615571..b52178f610 100644
--- a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
+++ b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--48507f54-dbe2-4445-a9c1-dfab6d752e31",
+    "id": "bundle--64db21ba-61a6-4b22-ba3c-6cf6658cc5af",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
index 1bc94b53f9..ea0ab40583 100644
--- a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
+++ b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--373aefa1-74a8-429b-aba2-0f05ce364e66",
+    "id": "bundle--37a872b5-ae7d-4d4a-9e99-f3d3a3f53683",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
index c9767d26df..b93538512d 100644
--- a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
+++ b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d372e4e8-32b9-48cc-8a99-f943894b8b71",
+    "id": "bundle--0841b8e2-1eb8-4147-bfeb-62011c226862",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
index 974446e0a2..873862da25 100644
--- a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
+++ b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--084df25d-ac6b-4b09-8eda-81e9c545f178",
+    "id": "bundle--481405bc-a358-44e2-ac62-0c8e048319f6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
index 8090dbf8b8..1c39cb8193 100644
--- a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
+++ b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8157e263-4eec-4f48-8b7d-8b315ebd6821",
+    "id": "bundle--41bc6cdc-74e8-4e26-8b63-954abfa77870",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json b/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json
index a40c16c2b7..969f441978 100644
--- a/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json
+++ b/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7152fdf7-4649-41d9-b851-e666d175083e",
+    "id": "bundle--b745094a-d341-4b20-87ea-0d4f69d2232e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
index 93e90cb0ff..e208c2f11a 100644
--- a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
+++ b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eee73388-f2ab-43c5-812a-4dcbf70b1634",
+    "id": "bundle--434527ed-c36a-4c38-a04a-c4be83f4a7ea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
index 3f916a6c99..b5de470fc1 100644
--- a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
+++ b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--957c774e-d68a-4c44-a409-320504fa0706",
+    "id": "bundle--9d367e99-1078-40f1-878e-387a2872f09c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
index dcd6df91c7..e18a800fd2 100644
--- a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
+++ b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44082be7-7dd5-42a3-9756-bceb1bcd6528",
+    "id": "bundle--34cf7926-9edd-40de-845c-01e1104fb358",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
index 44a7fbf4b8..82de04fbe0 100644
--- a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
+++ b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--afe81907-01ef-4a43-99bc-e1a1914a7ddf",
+    "id": "bundle--18f92ba7-8833-4acb-9d40-c3fa0eeb10d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
index 23f47cf2f4..27cd44886f 100644
--- a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
+++ b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--457ded79-d248-4493-8cb2-04aec3cbfdc4",
+    "id": "bundle--160b3e5e-8b85-4717-8987-faf4eaf9530b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
index a9f7a884ac..f76d34f914 100644
--- a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
+++ b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9317b6ff-0dcc-44f5-85a6-7d029f52b8df",
+    "id": "bundle--c1ebb7e4-22f7-4a9d-84b0-704cc37672ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
index 8ab5e29b73..0b8426e538 100644
--- a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
+++ b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d4f4c36-ed87-405e-89f5-57efab9424ea",
+    "id": "bundle--afc71c69-eb6f-4606-9ee8-e675033f83ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
index 5107e271e8..a9fca00d23 100644
--- a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
+++ b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ab12e54-9ef4-4dac-85f9-f7d66f03763b",
+    "id": "bundle--cca35983-f1d0-4196-a98e-81ed61d6617c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
index ef1dc93907..2e0caefb67 100644
--- a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
+++ b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3d50f63-8080-44a6-aaba-093f5655e16c",
+    "id": "bundle--0801ee2e-b562-44a3-bd61-400341c5f6b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json b/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json
index c87ae91ed6..ea05fca387 100644
--- a/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json
+++ b/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--728a3694-2c7c-4257-b962-c7eb59d33cc8",
+    "id": "bundle--bbe4db23-9934-4ca3-a399-36da3dc604a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json b/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json
index d50aeb35fd..4c642a44b2 100644
--- a/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json
+++ b/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa9283fd-3a1e-4237-9efb-b6550cdd9d34",
+    "id": "bundle--befe3362-4bc8-4330-9b6f-baa29e64aa2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json b/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json
index b9d4b2bdbf..31ae23b476 100644
--- a/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json
+++ b/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca52f303-adc6-4aa8-ba7d-eef7cf48873e",
+    "id": "bundle--0ac10da1-4943-4edb-8b0d-50c59d164393",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
index a987e9714c..72b68e5c5b 100644
--- a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
+++ b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22123153-f510-4404-b9c2-09a6bd0c8640",
+    "id": "bundle--86b88298-c5ad-4feb-9a70-69b8c604dcd7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
index a316d46677..38114d808a 100644
--- a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
+++ b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b1f0ad89-872f-4d4e-aadb-f96ecc0c949f",
+    "id": "bundle--a2d0b2e9-78c2-4152-9165-3f9e1bfd9021",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
index bcd2cb908a..ba5b8058e1 100644
--- a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
+++ b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c886e41b-e260-42e6-b128-9423583ee528",
+    "id": "bundle--c8b90f64-ac4a-497d-ae69-175cc21db163",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json b/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json
index 9630ff9d83..7b0123c2a1 100644
--- a/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json
+++ b/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0bf2d9e6-5937-4618-baf5-3bfbfb68ed63",
+    "id": "bundle--8db9475c-e9fc-4f4c-b03e-b670785e590b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json b/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json
index 2762e65e5b..abea537c9c 100644
--- a/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json
+++ b/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63ab54b6-708d-48b9-85d2-e138324949d9",
+    "id": "bundle--29dad8fc-13e9-444e-9440-64750f39a7fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
index fb6d6c8bf4..4e59f84e8a 100644
--- a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
+++ b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--392ed735-355b-412a-9615-d636b8b59a60",
+    "id": "bundle--1dfdc1df-c2f2-4df2-be7d-d8941ae29e46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
index 550e8284ad..61172b67e2 100644
--- a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
+++ b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0735bd07-bb09-4a05-a000-c821615b8174",
+    "id": "bundle--88d2bf2f-d1c6-4862-8460-86730d7eb34d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
index 7a4d15dd09..f12c776c87 100644
--- a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
+++ b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--faa8c512-eea7-4408-9f62-69cd4e6f6108",
+    "id": "bundle--25f84bbd-d77b-4bf4-a387-ff17411f9ed3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
index 6061f51167..3efe7fc844 100644
--- a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
+++ b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a96b4ac7-0a70-4200-be3b-7be9cef8e4b3",
+    "id": "bundle--6743a40a-51af-4962-b7fb-119d28335852",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
index 6005cb32d2..069108fcf1 100644
--- a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
+++ b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f630583c-a2fb-48b4-8267-388da729d4be",
+    "id": "bundle--bc360c0c-be50-4736-8544-2aecfeddb1f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
index 7d33a546ff..f36019140a 100644
--- a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
+++ b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a5b83e8-fe7b-43d0-b6d9-396c8236a378",
+    "id": "bundle--c42f0b27-f8ce-415a-b85e-0754b601e749",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
index 5ac00b7530..23f99b6b48 100644
--- a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
+++ b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7304a1c0-6dc2-48f2-a7b7-243a47805e7a",
+    "id": "bundle--4f3ae7fc-1dae-44e2-90fb-80fc444d5d52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json b/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json
index 64a841a7e9..05d6a39880 100644
--- a/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json
+++ b/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c7c20536-99cc-4b46-aa65-063e5ae67019",
+    "id": "bundle--969fe2be-67d9-455d-b004-71aaca8becf2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
index d8876722ff..27effe0719 100644
--- a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
+++ b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--76e5ccc7-7871-42ee-a5b8-65725487f26e",
+    "id": "bundle--5873581f-b399-4bef-a446-4884aeb48d71",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
index 6263996c30..b7a88a71ed 100644
--- a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
+++ b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--579f118d-8645-4964-9c64-4505aed6a2c0",
+    "id": "bundle--04bf6f81-3b49-4b4b-a3ec-8319265e4b78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
index ed15d17a45..14d97288f4 100644
--- a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
+++ b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3155a3bd-35fc-4f5c-9736-335c4f606602",
+    "id": "bundle--13b3a0ac-b7c2-46ff-9cf1-91a0955e7399",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
index 7529ff68b0..1e6bcc515f 100644
--- a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
+++ b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f68d90ea-fdd8-4409-bc15-64c6ea91ae5b",
+    "id": "bundle--8e22ff2e-8594-40cc-a701-86a63698608f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
index 8ca9a4eab5..2c4ca2da49 100644
--- a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
+++ b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3649ac5e-84ce-49ce-be11-82997ee0a75c",
+    "id": "bundle--cdccbc2c-c838-450e-9366-13ef98349aa6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
index eb7de7ac58..d72b294094 100644
--- a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
+++ b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70f68593-4cb7-4d63-a133-52ae9753f96a",
+    "id": "bundle--bd2022e3-39bc-409d-8e69-ae50f3b5a449",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
index eaef63afc0..fe91024235 100644
--- a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
+++ b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--867ee55d-68c0-424d-a29d-0904c1632fea",
+    "id": "bundle--4040a917-ecd2-4fe7-8873-753dc8270cc2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json b/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
index 97ec11869c..492b7a72e7 100644
--- a/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
+++ b/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79e475cf-1bce-43ad-8227-ae21a6dd2b5b",
+    "id": "bundle--7496885e-28ff-4dd7-bc6e-abfe83a284e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json b/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json
index b953983241..934e9ebc16 100644
--- a/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json
+++ b/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e6a2c6f4-17b2-447b-85fe-33d6a24494cc",
+    "id": "bundle--5f912c5d-5e17-48ad-9e03-85c847d05bc4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
index a3304766d6..e36be4e999 100644
--- a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
+++ b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f12646c-f124-4227-ab86-e3734f0c711e",
+    "id": "bundle--77b36364-02b6-4e7f-a3ab-7d0c606996b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
index 9baeeb6e7d..0ea04a9c5d 100644
--- a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
+++ b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc1f2377-49ea-454c-8543-803203da9a7e",
+    "id": "bundle--5555432e-1246-42e3-86f5-a5f3f87c9a31",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
index 8b1c62f5a2..36eb6db99e 100644
--- a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
+++ b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2bdd0e9d-3c0c-4806-afe7-fbb183ce9aa1",
+    "id": "bundle--c5dbbe66-be7a-4491-bd2b-a242f197a20a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
index 0e4e987677..beb7c343c2 100644
--- a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
+++ b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bfebcc21-4a15-4171-8961-b61264622108",
+    "id": "bundle--d2b6dfbe-ec7a-4cca-aed9-f1c0d8cd161f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
index 09098ee8b0..8bc5f552a2 100644
--- a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
+++ b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--31dc7a0a-7935-47f9-a41d-b8e77160dde8",
+    "id": "bundle--909b06e9-624f-4538-8c7d-7d588d1bf096",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
index 10dc3fc24a..dfaf15c79b 100644
--- a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
+++ b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20151a3a-2a63-4823-8f91-cc8e538e58e0",
+    "id": "bundle--e0d4382c-e4de-4c6a-9101-825e3885f022",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json b/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json
index cc581ef330..85ac97f6f5 100644
--- a/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json
+++ b/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e6dcf8e-0c08-4aab-b745-2df35627a13d",
+    "id": "bundle--f477dba4-d678-41d8-b3c5-7656456962a5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
index 6a64b27b18..24033bf7e1 100644
--- a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
+++ b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f409cfc9-f2b5-4e98-b296-0bc13442769b",
+    "id": "bundle--57e3ca47-8c69-436c-a44d-773043d724a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
index 48dcccd75e..fb47148f72 100644
--- a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
+++ b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--166b158a-c32f-46f4-b85c-853cdb36f202",
+    "id": "bundle--e3dca575-0f73-40c2-82c3-56f12e8c6129",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
index 0d456eac7d..87950b7ef3 100644
--- a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
+++ b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--282aed15-ff64-4975-b10b-1c4fc682cb50",
+    "id": "bundle--a72e2402-ee53-4c70-99c9-7785b466e5ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
index aabde853fb..8d00530a44 100644
--- a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
+++ b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ce6154e1-97da-4241-adb7-ce5b66a03615",
+    "id": "bundle--41827f8a-991f-4876-a8e6-ab540f6ae58d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
index e4d8a82aec..bdb8449493 100644
--- a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
+++ b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3786fd7-edba-42ca-b7cd-155eb8498cb7",
+    "id": "bundle--350ca226-639f-471c-8907-0656391d4f66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
index 9b9f571e7e..63bf2cf06a 100644
--- a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
+++ b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7bfdd51-d1e0-4b13-b86a-3e03923b5397",
+    "id": "bundle--717a1a23-59aa-4588-b0b0-b850b44cb79a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
index 8c6acd745b..2610586e65 100644
--- a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
+++ b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0ea2098-2fc4-424f-8362-bf9d9c5ea786",
+    "id": "bundle--9ee546b1-477d-40fd-8bfb-979ee8a27f0f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
index 571595d8f5..34f3488520 100644
--- a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
+++ b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2df4a68-ea7c-4011-aebc-b1443bc5af49",
+    "id": "bundle--f817f72d-fd9f-45df-8efe-7d42e42c420a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
index 7a5f1ba584..bdca7f7782 100644
--- a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
+++ b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6fa46553-9408-460e-8148-79971b27412e",
+    "id": "bundle--c6dbf737-2f56-4ae3-b5b4-4434a60b7ca5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
index c89f867839..16390b826c 100644
--- a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
+++ b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--413a444d-1309-40d0-8e44-6773bcacf6ea",
+    "id": "bundle--836ad250-6402-4947-86da-3a08d1f469be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
index e52e3f6746..80bc8dcfb5 100644
--- a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
+++ b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1928726-a3b7-433c-9f73-b5d818196784",
+    "id": "bundle--50e3a4c9-a531-4db3-b3de-b2c1ec0e9d57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json b/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json
index 5e5005c797..4b4c926480 100644
--- a/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json
+++ b/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed7accc2-ea84-4776-936a-ff1c405d37bb",
+    "id": "bundle--1484a0ae-7726-47f8-b141-dc8a33471384",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
index fbf7eb5577..1aa700ee5d 100644
--- a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
+++ b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1752771-21b7-4883-ae0e-73da0ac274f9",
+    "id": "bundle--9544c70c-ea93-4521-9f61-cab5c77ce79d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
index ae7c7e23d6..5b6a7bd496 100644
--- a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
+++ b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f9a7a90-bac5-4264-b41b-02c7d5bcd2fa",
+    "id": "bundle--8c379744-2ef6-4933-a037-04386f73cc53",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
index 0a8951ab78..84daeb87a0 100644
--- a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
+++ b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--421c519b-0a5c-48b3-8edb-be0e3aa0badb",
+    "id": "bundle--62fe88d1-cd74-44c8-ab78-2595aa79dec3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
index 453d5ff093..7858180eb5 100644
--- a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
+++ b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8273f673-242e-46ac-a08a-1cacb20366e5",
+    "id": "bundle--b98ff539-49ef-47cb-9b03-6be0a946e44f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
index 83f29258b6..468ab9c89b 100644
--- a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
+++ b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e9b7ce28-493a-4393-850d-5d916fb2eb11",
+    "id": "bundle--5728b88a-1b35-4c7b-8517-43d2a2ea3c8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
index 3fabd97e12..bbd193578c 100644
--- a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
+++ b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fcce2008-6b9f-47e1-9a3a-b1f555c29bd3",
+    "id": "bundle--bcc681f0-b48d-4add-8530-2bda3360f413",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
index 078b0e4db5..ce13d9987d 100644
--- a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
+++ b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ae15809-94d0-4763-a4f9-7a8dcacf5295",
+    "id": "bundle--e9884b98-4f68-4665-9c84-39779eeea3fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
index 1ecfff512a..776da76b60 100644
--- a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
+++ b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ddcc1be5-b751-40d7-91e2-c2a881712595",
+    "id": "bundle--dbfbbb4a-c49a-4516-b833-6d81bb1200bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
index f733200341..51f2556c4c 100644
--- a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
+++ b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fec715eb-0415-42f2-a425-643e22410024",
+    "id": "bundle--0c72de40-5d53-45f5-9a8e-59a84cc35913",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
index edf3a2d28e..56bff85dfd 100644
--- a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
+++ b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3261e9c6-e587-4a84-9219-d574f47f0cfe",
+    "id": "bundle--512036f8-c073-490f-b5e2-c14b26734e7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
index be5408cdd5..4aad151a3e 100644
--- a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
+++ b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3b2cac81-90e9-474d-bce1-5b047ca8e30b",
+    "id": "bundle--64606cfe-6ef2-498f-97be-903c217df27b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
index 16a20ca983..75be84808a 100644
--- a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
+++ b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c89522e-6e0c-4dce-bbf8-b5eb6b6464a8",
+    "id": "bundle--75079509-0fa3-4f07-a045-14bb9d09ed78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
index a1ecd12f70..64e8b82b6f 100644
--- a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
+++ b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--008e98ad-8d4d-471f-b73b-ac5fdbde2e81",
+    "id": "bundle--b8b1a776-8c2d-4fb1-9f23-b3e43b31282d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
index ee7d134e7d..a642fa9600 100644
--- a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
+++ b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33d1857a-a883-4335-b384-651152bfbde0",
+    "id": "bundle--115c7a50-1763-4bf1-bd31-377556ba6c81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
index acba7e10c7..f956af1439 100644
--- a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
+++ b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--635cd28d-b4d9-424d-a514-ff62fd8eb2e6",
+    "id": "bundle--4d61148d-02d1-438b-a962-8e1efc993bbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json b/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json
index 9a0242c60e..5dfc6db81f 100644
--- a/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json
+++ b/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b286ceb-7a14-4d32-9dbc-54437519a147",
+    "id": "bundle--537c6e73-cb0a-4ee9-becd-0c1fb39d6b8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json b/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json
index ce8f5e785c..9e1de4954d 100644
--- a/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json
+++ b/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7e8140e-b9a7-4b5b-8f7a-ab4f77b2e66e",
+    "id": "bundle--7751ee21-1a6b-448f-99e8-f1f1e646914f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
index 63cefccb11..7ee2531448 100644
--- a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
+++ b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b7596df-ad30-4302-984b-578079d4ce41",
+    "id": "bundle--a29a99c4-232f-4c9b-968d-d16937411085",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
index a822139cfd..17606b8acd 100644
--- a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
+++ b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81e99032-958b-4b76-a21f-e16a66523300",
+    "id": "bundle--eae6f71a-282b-4f13-bf03-c9e9295b5187",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
index 6ffa64b25b..96a09b39a2 100644
--- a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
+++ b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a470d920-a4e0-435a-8cd0-c3cbc165d665",
+    "id": "bundle--e8e3f0ea-06a5-4fa8-9f0a-1474c98a31b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
index 192e80d91f..5d03bb02f3 100644
--- a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
+++ b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64543201-7dd5-40c1-8f5f-ea03ad9a7bb4",
+    "id": "bundle--57e26e1c-fd37-4c42-99fa-295a21184b70",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
index 5df5129f79..61c5544cd1 100644
--- a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
+++ b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8313fcff-c896-48fe-b85a-4fdfe5f55c9b",
+    "id": "bundle--24d64663-f1b2-4669-abb8-303e2ec83b90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
index d956d40860..cae785c749 100644
--- a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
+++ b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3cc57c0b-edb7-4a5c-b4f6-d0cdd97506b4",
+    "id": "bundle--6687d328-3393-47b4-80ea-a1027b251b13",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json b/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json
index a3e0dd0207..13c5abb3a1 100644
--- a/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json
+++ b/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--821bf920-d846-40a1-a888-4a9fed559276",
+    "id": "bundle--77b52ebf-cc7f-485a-b71b-7ebb5d1b89c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
index 477cbd041c..2006da6029 100644
--- a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
+++ b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53a54f60-8dae-41e6-83f1-b2616a5d89e8",
+    "id": "bundle--87456421-79ca-41cf-9ea9-8fb23da6ae76",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
index 99168a4656..b765d26422 100644
--- a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
+++ b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f99ec7a3-217f-497e-8408-39a96ad76804",
+    "id": "bundle--41fdcc17-bfb7-424d-87a0-b4d39645a6fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
index b33c80becf..f716a382d6 100644
--- a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
+++ b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0c11cc6-b774-44f8-917d-ea6a92d2e204",
+    "id": "bundle--02162c4e-5057-48e1-a955-6be3939cb149",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
index 08ac5e23b5..d29eba1ec9 100644
--- a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
+++ b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d1406f4f-ad78-4899-bc9f-aac259348c4a",
+    "id": "bundle--5fe027a2-008f-497b-bd5d-698351e88555",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
index 9bf4dd128b..e2472ba383 100644
--- a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
+++ b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59fd6636-4f9b-4eed-96e0-8370d87f2bad",
+    "id": "bundle--84e5a1b7-ab70-4b99-8fb2-925498481053",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
index b24147837d..6e008cd0c5 100644
--- a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
+++ b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--58032053-cc9f-4705-9726-a650b57e4b1f",
+    "id": "bundle--2edcacdb-9a13-4329-880b-80adf550aad8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
index b62215054e..0a9b789112 100644
--- a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
+++ b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e591435-4dad-40b4-accf-1ccfd65e7595",
+    "id": "bundle--ced87ba9-b45a-4a2d-a150-19ea55fcc58b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
index cb06e7a8a4..76b9388e31 100644
--- a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
+++ b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2096d45f-078a-4152-aad9-652648264ad3",
+    "id": "bundle--8c21e71c-18b3-4a7b-ac8a-769df25e1cfc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
index 0a0103d0da..e981381f5c 100644
--- a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
+++ b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c9999e3f-9f9c-403f-ad11-97306f21bca1",
+    "id": "bundle--b29d5c15-bca4-4160-928f-97ffdaaee794",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
index aa9e101e71..407e1d03f6 100644
--- a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
+++ b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95bc23bf-7568-4cae-bedc-7589e23a1cfb",
+    "id": "bundle--6c8b9132-3c82-4955-9f18-0a2adb6c5a10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
index f5511633b3..494ae6c110 100644
--- a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
+++ b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3da3a573-9ec7-4e91-a254-06ffa3c8a01a",
+    "id": "bundle--dc982a0b-b86b-4759-9b63-ef37b8f6b38b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
index f600c412ce..b4c468fbb9 100644
--- a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
+++ b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22dc3571-73d4-4bc7-bc0a-cf0e1015702f",
+    "id": "bundle--baf9c5ff-0b46-4ddc-ac3f-a1992cc2134f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
index fbaac0cf91..ddb2b97608 100644
--- a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
+++ b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4f8a069-330b-4c36-9384-faa07bdf7ed7",
+    "id": "bundle--bfb33f50-c85e-4c90-8453-5ddd5118a8a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json b/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json
index 6b9525d569..371e377093 100644
--- a/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json
+++ b/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dd7a2c7-8a76-4a76-9411-d12c031ee0af",
+    "id": "bundle--38e15fcf-2c85-4ac3-a4e5-b54026f65ca6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
index fc7f014f9d..3f3784cccb 100644
--- a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
+++ b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8c64d53-8a42-4cee-948b-ba9075935631",
+    "id": "bundle--811ac2cc-5838-4f3c-a07e-da2cdb686fc2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
index ff3e3483d8..86b367c789 100644
--- a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
+++ b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf1ef071-8292-4ce9-aafb-4d3bf1cb9c16",
+    "id": "bundle--51aa2785-120b-4e8f-8e72-984aa5cb973e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
index dd5e400375..43d6dc3b81 100644
--- a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
+++ b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b819a394-9b70-4522-8642-46df2b375ca5",
+    "id": "bundle--2752df95-2237-4cf3-b63c-b858a2812536",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json b/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json
index 1d50d32b73..f857e3dd17 100644
--- a/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json
+++ b/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b91ff99-b75c-4607-8bd1-b84fb382ab66",
+    "id": "bundle--b1f9e844-61ed-4ac5-9300-cd3916e8b615",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
index cc5f0e7db2..e7e74d336c 100644
--- a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
+++ b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0383ee7c-ea35-47d3-aec7-e67d246440b5",
+    "id": "bundle--85740bf6-4b16-4e2d-86ac-7b9045f3668c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json b/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
index 7a823129c3..0cd8e1e6e7 100644
--- a/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
+++ b/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67a84338-77c7-483a-94fa-64d2568b9625",
+    "id": "bundle--a5474dcd-3125-4a38-8fd2-10e1ea0fe6b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
index 08c2edb6a2..4e137372e2 100644
--- a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
+++ b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc3f0b37-5a9a-491c-9e74-7defb2d346fa",
+    "id": "bundle--11611d09-0249-4739-b401-d98ec6c49343",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json b/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json
index 67b22ada16..364b590f4b 100644
--- a/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json
+++ b/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e327636e-b644-4cee-9e24-24fd0746988a",
+    "id": "bundle--e447fdfb-7639-4f44-94c8-bf1bb8f6d157",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
index f87b94232c..da51937174 100644
--- a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
+++ b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f986b29-8498-48c4-8a92-8969710772cb",
+    "id": "bundle--81a3f86c-72c0-4fec-adc7-18913dd3aa75",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
index 9d8ce47edb..74189b1c72 100644
--- a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
+++ b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2cb92f3a-f623-4022-b34b-1eb5d394dba1",
+    "id": "bundle--88f5b5ab-0f47-4eca-83b1-52c7323a176b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
index 167538b8e4..9319264038 100644
--- a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
+++ b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--82679076-5266-46da-86a9-6167887c2ff5",
+    "id": "bundle--880c2296-84c8-40c1-a59f-0cbddc42480d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json b/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json
index 6e3046a11e..a5797e6343 100644
--- a/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json
+++ b/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--257432d1-b2ae-4176-8b83-e0940b87370c",
+    "id": "bundle--1e4276e6-6029-442f-8b90-c39b7606b0ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
index 844a8af81b..a55d7226c2 100644
--- a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
+++ b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5cb3d69-2d95-4f8f-888a-ce359d8a2bc1",
+    "id": "bundle--be90a765-a6d5-4890-9c62-22f6aedcc016",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
index bc37e6259f..700c1ddb32 100644
--- a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
+++ b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73378ee8-10fb-4e53-8864-daeb6fad0866",
+    "id": "bundle--85e1530c-106c-4352-ab32-3bf36b71e8f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json b/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
index 106d2dfba0..a8458b39c0 100644
--- a/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
+++ b/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5739a511-2438-4ddc-ba5e-695c8d3a6c57",
+    "id": "bundle--cb195921-8dd6-4a7e-a286-8447c9448d6c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
index 643c4e169f..e9d1ebf41a 100644
--- a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
+++ b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35f6c5da-1776-4cd2-a3f0-8bc41493987c",
+    "id": "bundle--02c820da-74e5-429b-ae29-8e603ba7ab82",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
index c725648b40..81ecbea155 100644
--- a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
+++ b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b11dbfa-fad3-43cc-9bd3-bd5c380e4fb4",
+    "id": "bundle--33d4d247-a20f-4f02-8920-2753660d57c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
index e803f31c61..114bcc195d 100644
--- a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
+++ b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2cf2a703-1b8f-4ecd-b057-42912850bffb",
+    "id": "bundle--9ba9474c-faaf-4d71-bf98-d99e9272d638",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
index ce1351f96d..68f6e52a2a 100644
--- a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
+++ b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cedd7266-2db9-4441-91ec-faa34e3e20a2",
+    "id": "bundle--c2678b8e-1fbb-43c4-b5c6-8a950a56af38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
index b0961cd787..731ced42b2 100644
--- a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
+++ b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ab1d7a0-18f3-4e60-b2d4-2b142cdc9986",
+    "id": "bundle--0bddef87-f498-43df-8964-2e72256ca3ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
index d9b1e6aa3e..e0946ee741 100644
--- a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
+++ b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bffa7f08-dd1a-4025-9961-b8a8bcc256e9",
+    "id": "bundle--d9a4b48e-4a8f-4ed8-9efe-83512f743dd7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
index becb045c42..36d32a64d0 100644
--- a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
+++ b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--10965a60-5f2b-40d8-a14c-52e1431c588f",
+    "id": "bundle--71e4f220-d4d0-4e65-870b-d59bd27d9bc9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json b/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json
index fe02504d7d..a291f6989e 100644
--- a/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json
+++ b/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dee61a50-d2fe-40ed-8489-d3d58872f0d9",
+    "id": "bundle--df171a36-fbff-46d7-bb43-956e34ced6de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
index 9563a71eee..c184ff82ad 100644
--- a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
+++ b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ce21f9c-b956-48ee-b58a-0fd7d70f4f20",
+    "id": "bundle--a59fa846-5ae3-4832-82a6-48c62bb74170",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
index 889b8cfe5f..9fb72b93be 100644
--- a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
+++ b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70665296-0de6-4e66-af43-fc190a9de8a5",
+    "id": "bundle--0d5dde85-a43d-4acf-9f85-4f2e9b1f63c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
index 0217e90426..1ecd9c6c8e 100644
--- a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
+++ b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2371d602-61a9-46d3-be89-35f052d28c8e",
+    "id": "bundle--6e2ab6f3-2a1b-4a52-af08-eed326b386a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
index df387e5301..edd03cbdb5 100644
--- a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
+++ b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--723420fe-a447-49fe-a819-9e022f304008",
+    "id": "bundle--a64edc12-868b-4ff5-93b5-fe5ae3622e22",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json b/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json
index 0600a128a0..3161213a95 100644
--- a/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json
+++ b/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8efbf7d4-ad1b-43bd-aa93-23a021276cd8",
+    "id": "bundle--0579446b-2b12-4a08-b7f0-952a08ffa284",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
index 0760f34d71..2ff4c85385 100644
--- a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
+++ b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c38a5c1-4c23-40ab-b2e7-461a919783fe",
+    "id": "bundle--b632725e-ef2c-42fa-a17e-9fedc18e0ade",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
index 508b33f346..7ad966313d 100644
--- a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
+++ b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--667e4b05-ac87-41f2-8811-3d5c2cfdda01",
+    "id": "bundle--0e0d57b0-cda0-4e4d-b81e-890c1bba567e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
index e9ac879afe..5e7f4f1766 100644
--- a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
+++ b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a37e281-dc29-4883-b678-540e16e06b7b",
+    "id": "bundle--ef30c02b-d4f2-4c38-9c9f-e4d4535cf892",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
index a73914d96c..6d6473fca8 100644
--- a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
+++ b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3772f69d-bcf9-4bc1-afeb-118085dc9f2f",
+    "id": "bundle--b1a1ef1c-8ba1-411d-8441-3ec3b022dd52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
index 7fbd7adc6f..505fb950b5 100644
--- a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
+++ b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3fd3bcac-3037-4e98-a6d8-77717bb87819",
+    "id": "bundle--07e38504-2e5f-4893-927b-c0b2744a4792",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
index 027b549429..bc50a8dde4 100644
--- a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
+++ b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5913b88b-0484-4447-8b62-fe242d274b87",
+    "id": "bundle--de847e0f-2424-494e-8d3f-5986c7e65fc7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json b/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json
index b7507d5a66..9e86531c40 100644
--- a/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json
+++ b/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a3fee05-06eb-4244-ba9f-0ee4c0c38e28",
+    "id": "bundle--c65ba0cc-74f5-465a-b27f-78e550a44e73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
index dd89718147..f83d743208 100644
--- a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
+++ b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--db530d66-ff9c-4691-945b-10d3866d580a",
+    "id": "bundle--d96e61d2-0768-4ef3-bb38-1efc8d9857b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
index 77d24989aa..c833cea4e3 100644
--- a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
+++ b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0cb53513-598f-484f-8593-f95daa8d6a20",
+    "id": "bundle--d9829fb0-f83d-4934-9d55-0cb9d9577a09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
index d29c0fa360..04687cf680 100644
--- a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
+++ b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--58903e95-2d2c-40cd-baf0-c040cb7e6613",
+    "id": "bundle--ecc45842-3bb0-420f-b49a-5789415ff63c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json b/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json
index 80821b02f4..a1ae30f14f 100644
--- a/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json
+++ b/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--02c8c080-b695-4e22-8773-7db2d7b6d838",
+    "id": "bundle--9e991c90-4033-4ff2-b01a-fc6eac92e4a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
index 1db47e9c4f..f140e0b74c 100644
--- a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
+++ b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e74734bb-2fb3-4ca9-9660-23093455c904",
+    "id": "bundle--aeb4c9ba-f8fe-42a1-8c45-6c28ac403752",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json b/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json
index 1b135bb539..81a633ad96 100644
--- a/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json
+++ b/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96ed1722-6a0a-4800-a77d-6a5d09c5b765",
+    "id": "bundle--be39a649-4c5c-4fc0-af36-dcf5cf8222ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json b/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json
index 297dfa4da6..82a348836e 100644
--- a/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json
+++ b/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5552db72-2767-469c-a797-708f9639c76d",
+    "id": "bundle--e781a1b0-fa6f-484b-a75f-4e7596de6de2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json b/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json
index 3910dbd1fb..83a0d64743 100644
--- a/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json
+++ b/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97b796dd-4a10-44cd-956a-bfe48e692257",
+    "id": "bundle--69b99fbe-8cfa-447e-abd5-9365589ff1e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
index 785bb1f5bb..8233e29af4 100644
--- a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
+++ b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--51b030e4-2111-4cd9-a92d-a17fcf08c4bb",
+    "id": "bundle--356f63f8-5b00-4fd3-8203-0df2e6d6f100",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
index e295c10d70..f32fc7d4df 100644
--- a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
+++ b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1646181f-c79d-40f0-a79f-eb324a43cd22",
+    "id": "bundle--c8de9e2d-465c-413b-811d-de7d6e2f060f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
index 95a41d7630..1236cfa4de 100644
--- a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
+++ b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4d88d10-1750-4a12-b6dd-d3afb0cec037",
+    "id": "bundle--7e85f5f2-fa14-4c39-a6a6-21620278a7b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
index 9fd36ab960..14b8e056fa 100644
--- a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
+++ b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2fdbc7d7-6249-48d6-9c23-8dedc74e474e",
+    "id": "bundle--cfd4c087-539d-4127-a4b2-ce07bd758fc0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json b/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json
index fa1cfa9316..a8858ffd28 100644
--- a/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json
+++ b/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3a3413f-c395-4846-9411-d15dec54587b",
+    "id": "bundle--953ce0c0-29a2-49d4-b2b2-3cf44f7b12e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json b/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json
index aee37d310d..6db2338b0b 100644
--- a/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json
+++ b/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a38b1f99-9eea-4cd1-8df4-051b2727b043",
+    "id": "bundle--62104250-8c51-4a9c-88d3-fac1afa20c68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json b/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json
index 7a8173ee03..e3f68c0fd0 100644
--- a/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json
+++ b/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd2adcc4-5c26-4869-abba-48cc61142924",
+    "id": "bundle--ff5a095c-cd5a-4967-903f-a7aa16289b0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
index 761877f695..893576ed24 100644
--- a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
+++ b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--08d8e675-b281-4602-94a5-66d3c4476bf5",
+    "id": "bundle--256b60f7-6bb2-44cc-93c0-ce4d23307dd7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json b/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json
index f01b4dca72..8f72d557e4 100644
--- a/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json
+++ b/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f4aa8094-edc7-466a-a48f-02175beadbe1",
+    "id": "bundle--31688af1-57ad-4434-9b42-b1d034342b1d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
index 0929b0088d..092a0cca9b 100644
--- a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
+++ b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--09382a65-8401-4b99-8305-4f83adc51721",
+    "id": "bundle--420339ca-5096-412b-bb7a-43228924b71e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json b/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json
index aaae7c69a5..856e63c87b 100644
--- a/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json
+++ b/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6d32b41c-9d8d-45a0-83bc-cee21c80f645",
+    "id": "bundle--e2715cf8-db92-4151-88a0-5a29f62c7d89",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
index 64bd1e9f46..2c1ee30b10 100644
--- a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
+++ b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--42c1daf1-7452-4872-8664-34fcbf16bea3",
+    "id": "bundle--e8c8775c-e5ad-433d-9f12-f5195b04076d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
index bccb2b1bc3..a9e5a64b42 100644
--- a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
+++ b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbc412ad-3b4b-4891-914f-7c745d5e670d",
+    "id": "bundle--3601c7f0-fb24-4d82-8a33-95897a3672d1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
index 503257f525..f4ec763362 100644
--- a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
+++ b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--46e6f4a0-909d-4683-a1bf-cee50918fe79",
+    "id": "bundle--feaa1a2e-2d29-4cb5-9f39-8ce6c79679ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
index 248a424d88..264d89e9bd 100644
--- a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
+++ b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4dae4548-87bc-424c-aabb-3a7395d9b4ff",
+    "id": "bundle--5fbb3652-07ee-429a-8b93-fcf15bb1a2ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
index 57e937e648..f37986a44c 100644
--- a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
+++ b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2685ae8b-9a74-4f85-95c1-e62fca705a60",
+    "id": "bundle--5e0b7bcd-9fe3-484d-8387-27fc4b0238d5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
index 89ed34ef61..abe30064dc 100644
--- a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
+++ b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a1fd2b6-4ac0-49bf-9c37-aee8c521fd13",
+    "id": "bundle--c0ea7de7-9bff-4d39-860f-60293084d515",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
index a16d70789f..4ca5ee3f8d 100644
--- a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
+++ b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--091357e8-3518-413f-9f3c-eea70fcc9141",
+    "id": "bundle--7b46b338-0fd2-40b6-9216-36e9fb898251",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json b/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json
index f0a29459c1..1c01c0be79 100644
--- a/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json
+++ b/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--89ae7efb-8f0d-4bfe-8cfb-7faffa1f8370",
+    "id": "bundle--45ae2146-05b5-4662-9929-7ad439920296",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json b/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json
index 938f889b1c..cc0f50e2f3 100644
--- a/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json
+++ b/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f4ec7661-25e5-4206-bee4-1daf3fa15555",
+    "id": "bundle--2611b82e-ff47-470f-881a-0456b6f7e67f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
index ae337976c1..b05cda9315 100644
--- a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
+++ b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de370556-d29e-4c29-ac26-c53336eeedc0",
+    "id": "bundle--e916e801-22e8-4228-a7cd-3a8e42b683e6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
index 5a79878da5..5ecedc7ceb 100644
--- a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
+++ b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f0d5b97-c6da-4b4f-997e-da67e9805b24",
+    "id": "bundle--6b482df9-9486-49df-9459-65e2d3edcb06",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
index 4ac0a08c31..638cf2f7b5 100644
--- a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
+++ b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--089b4ddd-d164-4512-93d1-eb7b8d8c2f75",
+    "id": "bundle--94bb7132-a5cc-4b5f-9880-9786e2465667",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
index e5179afd61..1b332ebdf2 100644
--- a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
+++ b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--126a15c7-0c00-49a5-850b-8db1e6020552",
+    "id": "bundle--f55c3840-9641-4f0d-8260-7fd80bf586de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
index 32ab9492ca..b35bf43fe2 100644
--- a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
+++ b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cee61456-97e7-40f6-b3e5-3a8c7325510d",
+    "id": "bundle--efa38847-2967-46c1-9560-04020acddafb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
index 7af55745b6..715df4390e 100644
--- a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
+++ b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6d3559c-d5aa-42cf-8cb8-25ab083f81d4",
+    "id": "bundle--daca6ff9-08dd-4307-8ecc-617d64747c3f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json b/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json
index 619707a112..b78eb88d24 100644
--- a/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json
+++ b/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--befd7eed-8383-4e90-a5d6-af328ab206b2",
+    "id": "bundle--224c8e0b-6668-485d-8941-1fc1c48ffc3d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
index 3a191c50d3..c60a1d0c19 100644
--- a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
+++ b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0330698e-2234-47ac-890a-e3a746b2b29b",
+    "id": "bundle--2abb2d4a-3b9a-4e39-9402-1824d996adbe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
index 09d21c6164..cbf7b3dba3 100644
--- a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
+++ b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16f19956-0da6-4dff-bf07-c4f57dfd4a29",
+    "id": "bundle--37f5f09e-ade3-41b4-9eba-fc194369b65b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
index 3369552b7f..a86d6d72cc 100644
--- a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
+++ b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dcadb302-82a6-4e00-98f6-a5828a3d93b6",
+    "id": "bundle--8afe111c-445c-459f-8d46-73e9446087ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
index f6063d5167..563a881110 100644
--- a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
+++ b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--252b5dbb-533b-490f-be7b-6d998afe45ee",
+    "id": "bundle--6e2f1c28-55b8-4cd8-a16d-b96baec7db7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
index eb8f2311e2..792ca8c902 100644
--- a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
+++ b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--092b9bb3-adc9-4bcb-a1c8-290c75cbbb3e",
+    "id": "bundle--048ce7b9-2613-4ec5-9776-89ef0dd1d56c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
index c67018180a..3ca625013e 100644
--- a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
+++ b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95955a3e-0eb5-4b72-8ad1-c87c1c66690d",
+    "id": "bundle--fc404099-4401-4309-801e-c0eca2d24f5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
index 8c1b7c9494..d85a98bbd8 100644
--- a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
+++ b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--80da0ead-ff2a-470d-a91d-a33931a1b083",
+    "id": "bundle--7a4cb1af-6f58-4fef-93e2-fac702f775ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
index b45d3304d1..fc15c8adb7 100644
--- a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
+++ b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d21decf-cd79-46e0-b9c4-da61b92e5221",
+    "id": "bundle--dfa7e132-1d96-4835-b32b-a3fb31d02ddd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
index 53c8188fb1..2f57cdb339 100644
--- a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
+++ b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7db4556c-d7ab-4d13-b5db-3331fed20770",
+    "id": "bundle--bbec8be7-36a3-4b1e-beb6-6f958538a635",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
index 6ad2faccad..6251a17073 100644
--- a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
+++ b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1af6ddd7-a1e5-4cbe-af87-d1838a1921bc",
+    "id": "bundle--7d2fc659-e7c2-4c5f-9f7e-4c7d4d523ad5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json b/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
index 4d3e036eea..dec3432bc5 100644
--- a/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
+++ b/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--341c878d-6e4b-41c1-844b-39ff7daf0567",
+    "id": "bundle--aacd3f31-e914-4661-9361-6ef722873c62",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
index 230ef336d2..e958aafe2e 100644
--- a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
+++ b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a106be7-7a3b-47cd-a83f-9a52bc17e02d",
+    "id": "bundle--b02b7025-0d8b-491e-b7a5-ed0375dea2e8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json b/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json
index 3ead9f7f29..712f3c4fb3 100644
--- a/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json
+++ b/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13e57601-354c-4351-8489-dcf10103c603",
+    "id": "bundle--0c60abea-3b46-4c6d-ab98-ebb24fc43d64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
index aa38c27c83..78eeeb0575 100644
--- a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
+++ b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--66d80d07-37a5-4b51-b497-a1b300131730",
+    "id": "bundle--d37f09c1-0760-409b-9d6b-38daddab30c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
index 95b772359d..e4f63d6a38 100644
--- a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
+++ b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2760d70f-e7d8-45ea-b0a1-61a79991d28c",
+    "id": "bundle--34d8d7ba-1e6e-4db9-9715-f4695c268f45",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json b/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
index 8a94776944..3abcc5207a 100644
--- a/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
+++ b/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a9554d8-7189-4616-89d6-a4279c993756",
+    "id": "bundle--eeac312d-a883-4f60-8f45-022663c03cc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json b/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
index eb7ad959db..5e02085ecd 100644
--- a/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
+++ b/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c89ce1e3-7b43-4dca-8c3b-d43a4187a932",
+    "id": "bundle--cba9ee88-39ed-4f24-80fb-4d3bbed25d96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
index 351090f268..a0a1c3d966 100644
--- a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
+++ b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--824dc014-13a7-4613-93ec-d8b1fb3366a6",
+    "id": "bundle--04aca128-9ec8-4f92-aa41-4739685edfea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
index c452081a78..5fc111ba70 100644
--- a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
+++ b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eda6a9fc-ca9b-40ef-9f15-a13b480f01a3",
+    "id": "bundle--cce2632c-41a6-4d03-9f83-8ac05d8294d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
index 32ad31e4cf..883dc3bfaf 100644
--- a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
+++ b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9f884b9-1943-4b49-a59a-e0a3e6d5782f",
+    "id": "bundle--8b74be2b-5e13-434b-86dd-83c8e617b608",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
index ecf77d0a07..50cf9eaa00 100644
--- a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
+++ b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--80807700-9a66-42e7-9b6d-acfb0f3885f4",
+    "id": "bundle--3f491f3d-7716-4971-bcdb-8c3e9bc4701c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
index 593ab38065..ad2833facb 100644
--- a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
+++ b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ba6e68f-8dec-458e-abf3-cb2baa6ba5e7",
+    "id": "bundle--f76be5e3-4bea-4d0b-a254-1adfb57e94b1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
index 994b2150fe..83c55dfb55 100644
--- a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
+++ b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07172cc9-14ef-40dc-9f75-e6fc4b9da789",
+    "id": "bundle--3b82b7d1-79b7-4803-925f-5716a31345aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
index eaa27b37fb..5222eddce0 100644
--- a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
+++ b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3a541a8-5c06-4808-83ee-f45b134732bd",
+    "id": "bundle--ffb5f4c8-4ffb-4f3d-bb2c-7481b6c64f3f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
index 4e52461005..b6197859be 100644
--- a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
+++ b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb6eeffd-64fc-4015-b6b4-e0b7ad658635",
+    "id": "bundle--a718f7b5-5dc7-4cb6-ac8b-ba4dd7e2ebb6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
index dafcd618d4..7ed11cbd79 100644
--- a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
+++ b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34c05d7b-23bc-4890-be71-5f0173558e51",
+    "id": "bundle--5ebd1d6f-5f1b-4a4b-851b-89d4635b49ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
index 3a95c956ac..3773f49165 100644
--- a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
+++ b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4ad53dd-b444-40fb-be52-0440dc7cfd92",
+    "id": "bundle--56af41be-77c8-4364-a657-c5c9541e8f43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
index 86c6b318ed..ef319222aa 100644
--- a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
+++ b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6d5e2b2d-07da-4c00-9477-04b5fc82841c",
+    "id": "bundle--49df60bd-d9a2-4da7-a341-ae05f565b2f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
index a08490917b..e370ae2d2d 100644
--- a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
+++ b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d01521dc-1b0a-43db-aac6-a87d55e4cfb7",
+    "id": "bundle--fe7dca59-e1ed-443a-9234-261392c6f784",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
index 6863e86a5f..5c7146f7bb 100644
--- a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
+++ b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff23882b-1d67-4d00-9305-3957b92fc145",
+    "id": "bundle--802947d6-6316-4f82-b6c8-d9c0409043d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json b/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json
index 0c78fcf3ad..13e7f940a9 100644
--- a/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json
+++ b/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7f57fc47-f184-46dc-a8be-058ab30f09dd",
+    "id": "bundle--08ef3401-d211-4cd0-9345-c39e0f216ebd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
index 508a71e98d..d5689efa59 100644
--- a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
+++ b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d4064f9-79a4-4f9d-abc8-49cd66ea2344",
+    "id": "bundle--5be36346-b5ab-4914-a070-70f7d3ad9695",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
index fdaf3e760b..2f6dc4a3c6 100644
--- a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
+++ b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0c7e2e0-454c-4265-bd54-f374a928713d",
+    "id": "bundle--650b4858-5ba7-4e5a-b462-0db37246c418",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
index 197055e15b..838db24e3d 100644
--- a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
+++ b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--49542dcd-c4e2-48ec-9f52-f09394fc8ea6",
+    "id": "bundle--7dc3c4a0-e55d-46c6-8e97-91731b382c4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
index 662ad57d72..e2d566aed9 100644
--- a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
+++ b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9857ac99-37de-4aba-a161-51531cdab693",
+    "id": "bundle--e7041c92-5125-4a86-a141-b86a1394694c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json b/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json
index 64c79b471d..1123226175 100644
--- a/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json
+++ b/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9af32895-b523-42f9-89ec-9a9acfe960a0",
+    "id": "bundle--c8982d71-1808-4d53-b6ff-5e6f7219ea13",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
index 088bc6562c..36b15fc0b5 100644
--- a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
+++ b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e190d3e7-1abd-4215-8746-547904e65da7",
+    "id": "bundle--210661df-1bdb-4186-b11d-098d402c1f80",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json b/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json
index 9c7f1d7d90..e88537a923 100644
--- a/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json
+++ b/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5c305d1-085e-490d-8675-70dfcd06f733",
+    "id": "bundle--02cd00c6-48df-404a-b53b-13d83f3e300f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
index f13b748ce2..b154b20061 100644
--- a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
+++ b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3997628e-ff8c-4ce3-8fd5-3500c27c650a",
+    "id": "bundle--3bb8e288-2dd6-4622-b8af-d54113fb7ef1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
index 180e7e7963..61341c8085 100644
--- a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
+++ b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec83843a-2bd7-46c1-af1a-7874e188448b",
+    "id": "bundle--5fc1eca3-bf85-4fb5-a721-fdbf51eb7589",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
index 64c9b793fc..12489e9fe9 100644
--- a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
+++ b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c0c5772-c605-4eae-9c7c-f332261d77ed",
+    "id": "bundle--c4bde3a5-8469-4e07-abbd-8ff87764f5d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
index 094c8a9003..2f9b46947a 100644
--- a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
+++ b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ad383be-d9eb-4a71-8720-ea1f43a819bc",
+    "id": "bundle--46229d18-f78b-4579-b245-27d5dd108087",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
index 786add872a..30136d64b6 100644
--- a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
+++ b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bbfd526f-4634-45e0-8942-822b0f1a015a",
+    "id": "bundle--064b0c0c-b0e1-4de2-8a0f-0ba5baba1bd5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
index 002998a2d1..72f23b2f69 100644
--- a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
+++ b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--805f7fb7-a509-4277-bf50-a3f9627b6760",
+    "id": "bundle--239ee732-6ba3-4603-9e5e-d12df85795f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
index 2d8499c0fa..7759fed00c 100644
--- a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
+++ b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70c84fed-0afe-44f8-b63f-6def2bf1b971",
+    "id": "bundle--99904faf-f0e5-4b36-a18d-c293e9b6267e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
index 0f994ef3fd..25b5f088db 100644
--- a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
+++ b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a839be05-b361-4ff7-9974-581193fe6cba",
+    "id": "bundle--b2c4d064-c1d2-4985-8d24-466e7afd01eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
index 073f633c9f..94b8e777f5 100644
--- a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
+++ b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbd89e4c-a73d-4740-8831-f2c6d6314fa5",
+    "id": "bundle--7ee12f99-8b6b-4ba6-ad93-e791699c2cef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json b/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json
index fa2f6dc708..816050e6a7 100644
--- a/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json
+++ b/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--695dfd49-39cd-4435-98cf-e438523d4455",
+    "id": "bundle--b59d6a75-aa11-47a8-b662-231e580f3a46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
index f725718e55..7151bddd95 100644
--- a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
+++ b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84d9faee-fc9c-47e2-8e11-11b8a44f6d4d",
+    "id": "bundle--0e44c83c-fdaa-4f1b-ba8b-09b278909a66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json b/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json
index f2e7c38a07..1cf26ab3e4 100644
--- a/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json
+++ b/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5578bef-5567-4b65-aef1-96389180197a",
+    "id": "bundle--81c85349-131f-47a7-aa7f-6df82be13420",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
index b81fb9b511..c148520352 100644
--- a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
+++ b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f16eb142-898d-4939-ab31-9a074a8c0bfa",
+    "id": "bundle--f46f6e3d-b69d-4dc5-9e27-28baf52ecc59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
index 2803ceeffc..994cc298f8 100644
--- a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
+++ b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27b6013a-71dc-49a0-bcc8-45f6aab8443f",
+    "id": "bundle--bd663084-6fbf-4064-ac3d-0c71dc502d81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
index a9eca2335b..a44c4a697a 100644
--- a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
+++ b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb017042-a338-41a1-907f-0bcea28051d3",
+    "id": "bundle--4a270611-f2ac-4792-a681-af2501f0751b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
index 6fe1fa5815..271ffac6d8 100644
--- a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
+++ b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ec6410f-f115-43bf-ba56-295bd48868e2",
+    "id": "bundle--ea9ff59b-ffe0-4fe5-8b8b-eef5ac3b8b10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
index 64004b13d1..a71a4139ec 100644
--- a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
+++ b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fb8c6c2c-a66b-4f43-aae0-12d23a23562d",
+    "id": "bundle--72b6b91b-3da0-4285-b527-7df46e799859",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
index 4176957f96..1af69501e7 100644
--- a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
+++ b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3883100e-54da-44b3-bc77-427748c87447",
+    "id": "bundle--9aa3e509-ab54-4872-a3b8-1168b7d2fc7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
index 9cc5df938a..8f164b174b 100644
--- a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
+++ b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--86927ee5-86e8-49ac-b2b2-f1e158ee0c05",
+    "id": "bundle--dc3109e5-1e49-450e-becf-c625660bf671",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
index d94b89c71c..318fab61e5 100644
--- a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
+++ b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--191d5f23-da17-4f45-9db1-47486323eb22",
+    "id": "bundle--d21dcde2-7928-41f0-8324-fde66a2c79c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
index fd3cb9ea98..b4cfad348b 100644
--- a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
+++ b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81789d13-a46f-4ff3-962b-d02410797a7d",
+    "id": "bundle--688e4621-8c79-4a69-8780-efdc09a1b541",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
index d0c8097bbd..82fee4b18a 100644
--- a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
+++ b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87232329-be24-414c-b72b-9bb3efb9c776",
+    "id": "bundle--818f1ac2-f2af-486c-bd13-3d0e72c42ab0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
index f0e15d9231..acd654d216 100644
--- a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
+++ b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2f40c3a-24e7-41b8-937c-b5fccfc9227f",
+    "id": "bundle--6fa5ee49-311e-4fd2-b69f-ec08922c0ed3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
index 4083276c9e..8b71df5309 100644
--- a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
+++ b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2e3076a-6c47-4dfd-b824-2745e4531dda",
+    "id": "bundle--f7637b3b-6d09-4ee6-93d9-6067a349329f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
index 242e10beb8..88d49610f0 100644
--- a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
+++ b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d059cb74-66ec-42f7-8249-813083d76fd0",
+    "id": "bundle--2f0417a4-ea3e-443a-9c10-41115e250c8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
index e21248efe1..886cfd616c 100644
--- a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
+++ b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5ab7ee5-3ddf-4672-9f8f-bfbddd420b5a",
+    "id": "bundle--50118f87-2365-4464-8950-797a50a52e73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
index 8a974bc599..0ec8f02f49 100644
--- a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
+++ b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e9fd2ec-837d-414f-ba98-de82f943d685",
+    "id": "bundle--af8bdce0-b99f-4f3b-a5d2-7e12e4d9c0e0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
index e3a2ca8f5d..c6a8a42352 100644
--- a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
+++ b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2bc13b4d-46d9-4c67-8817-1799632d4fbb",
+    "id": "bundle--e96d1b00-5bd7-4d17-ad71-c1f5e0579fc7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
index 624ec7b8ce..4f41a4712f 100644
--- a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
+++ b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adfa7ac0-a69d-470d-8d44-07afbba874bd",
+    "id": "bundle--3f70833b-49e1-401c-a8ac-75aaad9d6b10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
index 4441a63605..6b256b5268 100644
--- a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
+++ b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--88ed75d3-951e-41a7-bb03-3008ad997499",
+    "id": "bundle--e20e6526-6f8d-4717-96fc-e813a26ee939",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
index f6b652c8b1..b7c4f856bc 100644
--- a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
+++ b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30c20137-f8ba-42c6-83e7-0cc344f9478a",
+    "id": "bundle--15df8a9d-6ed0-4b72-86d4-1fb9ca494887",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
index a60ff868dd..4f9bd4c65f 100644
--- a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
+++ b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4650d095-a138-4c4a-b0f6-2f3d933c341d",
+    "id": "bundle--c65b1fed-85c9-43c2-bb1e-c0e248ff1f20",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json b/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
index 7c8ad30e75..dec4499c69 100644
--- a/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
+++ b/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68c83540-678f-4a08-bf32-4024979d5166",
+    "id": "bundle--1928b7aa-ee5d-4b5b-9a96-7aef9e603808",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
index 1f77477046..f0d2d502d3 100644
--- a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
+++ b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12afd3a7-a41e-4800-ab4a-ca1290afb283",
+    "id": "bundle--af8c64f5-4f1a-475b-b59e-b0d4a5909276",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
index 611f821bc9..6b09858820 100644
--- a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
+++ b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44bcca1e-bfa3-4e00-a74c-ab0ff8431dfb",
+    "id": "bundle--1066d613-0e08-4409-843a-888c874cb9f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json b/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
index 700e3aef6a..474b7808c8 100644
--- a/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
+++ b/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d7b662b7-380d-427b-97e0-2adc5d7904de",
+    "id": "bundle--e9716298-e2e6-422e-ab8d-fd7cd0176579",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
index e8fe405795..e1bd10088d 100644
--- a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
+++ b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a17f2e15-36a3-4b85-a868-7ba9aadeb62d",
+    "id": "bundle--3881d2d3-91d5-4bbe-bc01-4d20bfc59d7b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
index 4e1194b570..00f844e7bc 100644
--- a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
+++ b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8ac4859-c775-4b3e-bb27-47600e670170",
+    "id": "bundle--7d0979d7-e524-4013-9e21-65830f8c3ed7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
index b693ef9649..8a4a39b97f 100644
--- a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
+++ b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da7d3d4e-92aa-48d4-b2c1-186e50c0b899",
+    "id": "bundle--26e0aa78-f8d0-4d77-8375-0f8f5f0480bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json b/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
index 2cb1f7a1d8..5e22f0b1d0 100644
--- a/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
+++ b/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--752b3cbe-45d0-4795-ba43-e33b1193e99f",
+    "id": "bundle--5964106f-3f38-4f62-ada4-c0eaa0f70e38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
index b67c33fd43..4c6a0a4e4f 100644
--- a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
+++ b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d087f3f-1a5a-4f22-b3d6-2d62f24ac85f",
+    "id": "bundle--0a05f036-4b2f-4b71-bf9d-309a9bb4ec5d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
index 2d70d15e24..6dd0175037 100644
--- a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
+++ b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d42b7f9c-f213-45ad-a11d-a0eb4163f797",
+    "id": "bundle--2bb580d1-866b-4af5-836a-df9c31b74761",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json b/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
index 947db326e4..5344b33810 100644
--- a/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
+++ b/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a110e93e-5d85-4dff-9e3d-1be5fd42f86e",
+    "id": "bundle--4bc4f40e-c577-440a-8c1e-7d0c6b2f7890",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
index e49327f354..0a710530ed 100644
--- a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
+++ b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ea5c942-406a-4b99-8475-688e12e7067b",
+    "id": "bundle--3522afef-7226-4a88-a61e-684063c50222",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json b/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
index 2ec5694cf3..2c16108f6e 100644
--- a/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
+++ b/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f138b5f6-353e-4ad4-bb62-41a7fdb32837",
+    "id": "bundle--818f7a66-1e92-4dfe-9b17-a9099294efb6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
index 851f59d60d..c682eb9d35 100644
--- a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
+++ b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f195d81-4abf-4ed1-b40a-c4af86f4a809",
+    "id": "bundle--2ec21af5-941e-43a7-895d-c65ef86fb786",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
index 8a4e5b6e8f..1b12fd3a94 100644
--- a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
+++ b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb5f8201-c302-45ba-bbb9-62102e9a23b2",
+    "id": "bundle--0fd51175-a2bc-44c0-9d55-82da963ff28b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
index 4abfb34c60..5b27bb076f 100644
--- a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
+++ b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9be15b11-6298-4891-8e0f-3811a081192b",
+    "id": "bundle--afb4e26f-c7a6-4e56-a165-60802b821c1d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json b/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
index af35c670ef..f27493cd08 100644
--- a/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
+++ b/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2eb8fad9-4177-40c0-8938-efd0e1cfdac8",
+    "id": "bundle--af8e7432-f51c-44ab-9a4c-fbfff0f54b99",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json b/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
index 7d63b29eb3..a8705df009 100644
--- a/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
+++ b/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7da0c179-4d63-45c7-b906-e8e6713fc26e",
+    "id": "bundle--e2ccf2c1-5455-4cf7-994d-6049f5a26587",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
index 08a346b1e1..40ce953ada 100644
--- a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
+++ b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2cfa2746-5a8f-41ad-b82d-999ab8d7c245",
+    "id": "bundle--7126543f-13c2-44ec-b6f8-accfc5f37905",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json b/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
index d0aca0ad43..b941cd87c6 100644
--- a/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
+++ b/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39ad1c33-b06e-43b8-8601-910621c3c0b9",
+    "id": "bundle--c4779415-7398-4fe2-8351-f0b7b98d1983",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
index 0a2fdf72fe..5861763757 100644
--- a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
+++ b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--75d58fe8-5d90-4644-8196-47ee040bd953",
+    "id": "bundle--4bb15f9c-5405-4608-b3de-8c7b4e111c63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
index 363b8f364f..3dffeb102c 100644
--- a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
+++ b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e71eff2-4f09-4d90-bc7b-b9f9c1814e87",
+    "id": "bundle--5666993c-8b54-4133-a456-9d922c4e9ff8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
index 4ee9d15e56..6fe2fb623e 100644
--- a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
+++ b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6e52b0d-03c6-496e-8aa2-4eef9d1182e8",
+    "id": "bundle--74bf54ab-b4bd-4444-8dab-194b10018321",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
index 81bcaa79f6..89cef01adc 100644
--- a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
+++ b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1117bd89-f10e-4d94-ac4e-7d5c5af337f1",
+    "id": "bundle--7b554146-4908-4286-8ded-9e95eb48b05f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
index 5ac61207a3..2012c3d544 100644
--- a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
+++ b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a345a652-1976-4682-b469-8978df862f12",
+    "id": "bundle--421727c5-bf48-4e82-8293-fbd345e8107d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
index 9dcc679518..096bb92dcb 100644
--- a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
+++ b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12fc0867-6e85-4221-80e3-960e347f311d",
+    "id": "bundle--5397480e-224b-4726-ae9b-3e931e4914ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
index 3836426537..2ad75c133f 100644
--- a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
+++ b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdd396cc-2f5e-4c06-9ebb-1cb8a676433b",
+    "id": "bundle--b511ff0c-3bd0-4947-a6ee-0ee77bafb7f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json b/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
index 024715fe11..bed92b81b6 100644
--- a/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
+++ b/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7981f061-5590-4046-84f4-a053f1fd7d15",
+    "id": "bundle--743138e4-8fb0-4ead-8665-a59feb106dbe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
index 63fb590f63..62f09b921e 100644
--- a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
+++ b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9ad8a023-768a-4579-83d2-4f1b736a05ef",
+    "id": "bundle--f8825e73-f181-4666-8d0b-74f66337a0e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json b/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
index b6df3bbd8f..2dc2ee6885 100644
--- a/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
+++ b/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a8a4d13-272f-4571-8ae6-ad72fef297ae",
+    "id": "bundle--f088945e-18e6-4f71-bc61-8ed039015832",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
index a6916e7923..df07f087ff 100644
--- a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
+++ b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c7e7899-43aa-48d4-85cf-baa7dd16bbeb",
+    "id": "bundle--679c1667-3afb-4b7c-a6ab-2b26470259ac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
index 94738782d8..f16e4a1d51 100644
--- a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
+++ b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b5ceaee-1e24-4247-8079-17c4063c1ea1",
+    "id": "bundle--b94472ca-ba33-4107-b28e-8d07b366d8d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
index bdc9da89ee..ba3d7e40cf 100644
--- a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
+++ b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b9705bfa-e1b9-417f-a334-598246207c59",
+    "id": "bundle--6dbb7de7-2eb7-4431-b32a-bffcf5b73fa3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
index 45ff3287a7..1bc521099a 100644
--- a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
+++ b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f01af96-e9e4-4858-bd96-8304d866ca6e",
+    "id": "bundle--5a5b0c7f-66ee-4ebb-b137-14d7b75493f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
index 9673b0d762..69ff9cfa50 100644
--- a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
+++ b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4094e3e-4adb-49ee-a9ca-f3f41c3de14f",
+    "id": "bundle--84cd7e3f-f452-4be3-8807-f2ef5f966581",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
index 8b4d5a9cab..7788791dba 100644
--- a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
+++ b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca995c5b-281f-4b01-8e4f-c3bc423171e1",
+    "id": "bundle--92ccc3bb-7bdb-44f3-95e5-af93e93021d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
index b4fd8375f7..78e7256fd3 100644
--- a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
+++ b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ecb5cc6-980e-4bb9-a811-1bd154a1a9d5",
+    "id": "bundle--13c79551-2d87-48e3-9354-df5093ff3a4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
index 2ce9315222..89f024e7f5 100644
--- a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
+++ b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c13c8592-6ddd-4762-89a1-ff11f067d57b",
+    "id": "bundle--f7a2405e-0226-41d8-9c40-6cc563db685a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
index bdab7957ff..51e8cf67e9 100644
--- a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
+++ b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edb48025-d5ad-424a-a5e3-c357dc6e76e5",
+    "id": "bundle--6decd4d3-8127-458f-bda7-8f8c0dc22827",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
index 8ae3a633f0..64645d92f8 100644
--- a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
+++ b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24ce0ded-7958-4b80-ba0f-3f17b93c30d0",
+    "id": "bundle--b99aac0d-8c28-4b08-8a84-d534740c3493",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
index 1ff634e20d..47f6a17c83 100644
--- a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
+++ b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea7a8d63-603f-448f-89a3-e861e64a6093",
+    "id": "bundle--ca995e6b-87a6-4bef-881c-0d7acaa874bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
index 776da4fa5a..04c9d61967 100644
--- a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
+++ b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--322e3668-53c5-452f-a45f-c11b5ceb9ec1",
+    "id": "bundle--e7dcf05d-9556-406a-8a3d-0c0733cb3a8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json b/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
index 8d15f29af4..584f964929 100644
--- a/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
+++ b/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0662084a-2c2c-407e-9d01-6d56938ad0be",
+    "id": "bundle--fbb792fb-580c-4844-b874-18fd44635a73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
index c41d4fc227..1a9f5ed579 100644
--- a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
+++ b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bec18410-007c-4075-930b-75cbeeac7804",
+    "id": "bundle--7e9ab15b-3abe-4ba9-abf4-563144b1b5ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
index d03d5459a8..a9129433c1 100644
--- a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
+++ b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1575f40-b26a-4374-92f3-7074d1892a59",
+    "id": "bundle--73eddb4b-3814-4cf5-b6b9-8c6360404fab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
index 985da0ff12..3db3ccbe79 100644
--- a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
+++ b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5878b044-1d8f-4b45-9e00-dd2517a0cb01",
+    "id": "bundle--6e6cbfd8-048e-47e9-8ab9-d03c319b6935",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
index 840f5653ab..b3a55a0229 100644
--- a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
+++ b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5445544e-3ba6-491d-9285-5f0bde8cc73a",
+    "id": "bundle--acebece4-eb7f-4ca7-926e-bc0774fd6515",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
index 37c01c9435..37f1f56fdf 100644
--- a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
+++ b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b5b20f41-d874-4593-aafc-69b4839096ec",
+    "id": "bundle--c10e34d6-d232-4f1f-8dea-7c91204ff0c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
index 9ee261f73c..488008ae73 100644
--- a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
+++ b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64a1d0d1-3b0e-4ac4-8637-2f831b9aa487",
+    "id": "bundle--eb356b84-c145-4eb5-90a1-19ae139dd72f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
index d6f028f174..8b2fb22478 100644
--- a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
+++ b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6576147-2785-4b6e-a969-d25fa90b0e04",
+    "id": "bundle--53e1ebb8-553f-41c3-8e93-78d58f2578e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json b/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
index 0476878aea..aa085cb056 100644
--- a/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
+++ b/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d1725fd-f060-41b2-aeb6-2afb8de324d0",
+    "id": "bundle--9f52dd71-5ae4-4352-97db-4ceed2745872",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
index f10443e10d..fa9881ffae 100644
--- a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
+++ b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e2dd253-6e25-40ef-8478-972ed5372347",
+    "id": "bundle--44c5f2ef-4d0e-4980-91eb-183358a097d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
index f840d4a005..4ba6204f54 100644
--- a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
+++ b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dd9a48e9-c74d-4eb6-92f5-b8eed259d677",
+    "id": "bundle--3e7bffba-8a52-41c9-9dd7-eeb7b3618c1f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
index 19ecc36723..a954048449 100644
--- a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
+++ b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d1270f4e-9913-4c26-9ae1-3c4342d86402",
+    "id": "bundle--b09c009b-7742-4cce-a8c5-52e84be9146f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json b/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json
index 7c43302c68..8c3bc65373 100644
--- a/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json
+++ b/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b3d6125-6033-45a7-80d8-2a58e6542e45",
+    "id": "bundle--fbef3e39-5c66-4eb7-9a4e-3efda34bdffe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
index 7ca8a30e37..3d02294cd8 100644
--- a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
+++ b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a6f029e-dc50-4d44-82f0-296d4b6ab09f",
+    "id": "bundle--194088d2-a4ec-455e-be97-fea9996299e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
index 407d0b6c9b..7ce5f9dad0 100644
--- a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
+++ b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e35cf061-b9d8-42ab-9173-9989438208a3",
+    "id": "bundle--aff40f5e-d5c7-461f-9da5-f4fe6b30d14c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
index fc18165ee2..fdf80fef7d 100644
--- a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
+++ b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a921241f-866f-47af-9a5f-d23f2e58b71f",
+    "id": "bundle--e9fd5217-0825-4c53-8b9d-73af0022441e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
index 4126d73217..f635d54ba5 100644
--- a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
+++ b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2635df04-f846-4d92-a23b-90cb47f2729e",
+    "id": "bundle--071b71ee-50c8-4477-8e81-958cd6afc03c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
index 5954f98054..dbd001201a 100644
--- a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
+++ b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe7aedd4-f17c-404f-8e1b-a3ff94161ed3",
+    "id": "bundle--93a42322-cd71-4f91-9ab3-7ecb19c43ae4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
index 524262cec9..708757fbb6 100644
--- a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
+++ b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5717fab-d7aa-4f2c-9307-4ba2951dec6c",
+    "id": "bundle--0cce8f07-b241-4f5c-910c-c7f10aec93ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
index 0beb46d533..06c4d1be9a 100644
--- a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
+++ b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c33fb72-7e9c-4105-a627-be0ba36b8d31",
+    "id": "bundle--4d31a9b5-3938-4a01-a1b7-8997d7185369",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
index e193fa4522..51b1bbfc26 100644
--- a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
+++ b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec9ac2dd-9e74-4ec4-8f73-a307b312bf2a",
+    "id": "bundle--72c8693f-db8f-4e5f-9660-c962cdfd1d50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
index 8f861d247e..c14589c881 100644
--- a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
+++ b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3b414a63-dc95-4f20-ad6a-e015241e7c17",
+    "id": "bundle--2d430b42-bce3-425f-a617-6c270e6b7ce5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
index d204b288ca..1b145d98a3 100644
--- a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
+++ b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fda8e1fc-3b31-4f42-a07e-280c7e3650a6",
+    "id": "bundle--4085720b-dd87-47fc-9176-0d2d7c532ecb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json b/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json
index a658483f09..0b0c84aaf4 100644
--- a/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json
+++ b/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7bdc5be1-8be7-4bb0-8d03-8e84cc7dd9fb",
+    "id": "bundle--ee1e093a-29b4-4f2a-a2c6-1cccf5fd3cc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
index d4234fe804..dffe005c7c 100644
--- a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
+++ b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9ef781b6-5835-498c-9952-04dfc101eba7",
+    "id": "bundle--15cf24ec-de6e-4e22-aa38-6b9bb41bca81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
index 8f821731b6..9d38a79af9 100644
--- a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
+++ b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7231bb00-053a-4b23-aeed-d297ed0015a7",
+    "id": "bundle--e7a8ea03-2e82-4142-a316-1d505ce70edc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json b/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json
index df682df12f..cdd427732b 100644
--- a/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json
+++ b/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de0bb474-ce26-4e6f-b344-9cd9de715643",
+    "id": "bundle--3aba0082-2ef4-4e45-a13f-50f2d8300828",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
index 74c8d83987..db9e897ee0 100644
--- a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
+++ b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2230ac6e-f244-4c04-b0cd-aea510c59662",
+    "id": "bundle--ebc72f67-0339-446a-bad2-85148c249665",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
index 42aa473e2a..710a263669 100644
--- a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
+++ b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da7658bc-f8bf-4314-81d9-9e4d7c0e47da",
+    "id": "bundle--90d68164-ad16-4bf2-b09c-c6a6794ce4f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
index fb86162958..982449df5c 100644
--- a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
+++ b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f87fbe9-741b-4619-a660-b6a2adc666aa",
+    "id": "bundle--6ca98b78-9834-432b-80de-35a3d13de85e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
index 87ac27eed7..18b2158765 100644
--- a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
+++ b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ffd1ef90-a409-494d-81c9-7f515021258b",
+    "id": "bundle--6e5e5e0c-4de3-4e25-a5d0-baa5ed7665bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json b/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json
index f8ef53e705..61a1ad49fb 100644
--- a/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json
+++ b/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1658b4ad-e0d6-46ec-9045-ee51f1cfe91d",
+    "id": "bundle--01500690-3ca3-4b48-8239-9ec292ff968e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
index 28bdbde1aa..6d2d95edf4 100644
--- a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
+++ b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--705818c4-44b6-47d6-be57-ed6f59191120",
+    "id": "bundle--493f8e78-f4ce-4e6a-8958-131e0c9c4fba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
index bc26f85988..4e1ddc74ad 100644
--- a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
+++ b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e97e6540-2d7f-4bda-b9e8-b816c9d19c02",
+    "id": "bundle--745aa3eb-7cbf-477b-9622-3efa99a083bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
index 8b42fa1d4e..97660b68ab 100644
--- a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
+++ b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8326a324-56b0-48a2-ad0d-cc9b7fad5896",
+    "id": "bundle--0abaf707-42dc-44e7-b95a-090ca4a61a1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
index 45ef45ceb3..1e949de929 100644
--- a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
+++ b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b7eae36-279e-4034-9602-b32573d5d852",
+    "id": "bundle--54a55581-4916-417e-b7f2-9fe20a9470f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
index f4d5a2ce17..da4d663418 100644
--- a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
+++ b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c49072bc-bd22-4274-a48b-31cb9c568fee",
+    "id": "bundle--ae93ed44-5d62-4a99-ab30-983553a2eabf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
index 946eef53e2..956cc72421 100644
--- a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
+++ b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f70c1d40-f7ff-4848-93e0-61748272c391",
+    "id": "bundle--c5c18e7f-cca6-43ff-9c92-afa18f9503e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json b/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json
index 8b17f064d5..7af98b96e1 100644
--- a/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json
+++ b/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c62b5e8-4a57-4150-a457-57b9f0c5e77b",
+    "id": "bundle--ed5ced62-b8ae-4ae1-9a4a-27143a5e769b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
index 3955a9a13d..a74a94154c 100644
--- a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
+++ b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7252894-cfe3-4c30-b925-3fbccbb7a44d",
+    "id": "bundle--3217a64c-7ab8-4873-99ad-8b64c7bc7cd4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
index 360c3dfd0c..ea865a9a7b 100644
--- a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
+++ b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3b282aec-5c3d-42a1-9981-e367b3c08e77",
+    "id": "bundle--2410d94d-8642-4b1d-a33b-9c1cff491266",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
index d902932f81..7a7628897c 100644
--- a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
+++ b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7fa5f35-321a-4558-8c4d-d5cca0c84f27",
+    "id": "bundle--c2b41307-812b-47da-9fc2-5fc650fbc351",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
index 137f9dc64f..fa179de23a 100644
--- a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
+++ b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d0340ed-7af5-4f10-a268-c2e4765ec1d4",
+    "id": "bundle--0e1e5771-057e-4b2c-97c2-af93d63d6600",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
index 20eb76ae7f..b97b7b98d4 100644
--- a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
+++ b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d33db01e-e59f-4e77-9ed6-7cbf9ff3c7e4",
+    "id": "bundle--49aaf6f1-b1c0-4b1c-81e9-0eecb9191cb3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
index 4358416eec..892d1d1d9b 100644
--- a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
+++ b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--653acc2e-b72f-422b-9183-4ae1c0ecbe68",
+    "id": "bundle--0132e74d-a9bc-4c82-aa53-3ed1e924f320",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
index 3f84fdc842..5a5eb0396e 100644
--- a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
+++ b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8b25911-a6c9-4342-9dc0-1750e20ce21d",
+    "id": "bundle--7748deee-5039-4fd7-9969-72313dfc0914",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
index 821d5bead2..542cbffee6 100644
--- a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
+++ b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dcd35755-676b-444e-b0a0-9c885249c4a5",
+    "id": "bundle--1ae7bfe8-5cbb-4e2f-94be-41a832c3cd6e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
index 672efe5487..36def47ae8 100644
--- a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
+++ b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a45f2de-e4e6-4cdd-ad4d-ad2c46599b1d",
+    "id": "bundle--11a40207-b7dc-4268-aaf0-c66b3ca9a45a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
index 6173b7c17a..7fcac44d11 100644
--- a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
+++ b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--515e7d3b-c1ed-4fed-8e13-ce9c015cb0e9",
+    "id": "bundle--74befc1f-f3c0-4d87-814b-d4b790980a4d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
index 9b5afeb0f5..c3d0cd1b06 100644
--- a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
+++ b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9fdfa602-ed0b-428d-a604-57f029acc7bd",
+    "id": "bundle--ded5e2aa-43fd-41b1-b142-87c9d923e486",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
index 45ddebb3cb..3fcffe2b35 100644
--- a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
+++ b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7254162d-aa3d-4a43-abb6-d33287c439dd",
+    "id": "bundle--4ab63e54-0649-4f26-89f5-596a9b3283e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
index 54d791d8f1..9ece601190 100644
--- a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
+++ b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9a661760-ce09-49cc-86f8-6363ae5d8ac9",
+    "id": "bundle--b362b8c2-ce82-4d86-919f-e54a3e92100d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json b/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json
index edf52ae65c..37dcbb65a9 100644
--- a/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json
+++ b/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--751c6596-c190-48c3-a17d-466f0fb84a7d",
+    "id": "bundle--88f6f761-7fd2-4c47-b097-2b72b97a1353",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
index 72fdda21c0..605508be64 100644
--- a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
+++ b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd961c3c-4f9e-46fe-a526-e8d0c1e8a0f0",
+    "id": "bundle--bb09616a-46ca-4be8-a867-0ac507c50ed9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
index 36ab4051e6..ff23ca7702 100644
--- a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
+++ b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e62016d4-0b08-4a62-bd48-ef5faa91dbab",
+    "id": "bundle--e02ade28-f4f7-4cae-88dc-0b4fec6c2bf6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
index d559090b41..6843d5ae26 100644
--- a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
+++ b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b8db2d8f-8885-4b86-a060-fad7e86290d0",
+    "id": "bundle--cc48732c-a59b-4f78-a46a-4bab8b5b62a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
index 87ce9ba334..18a7b17f9d 100644
--- a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
+++ b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ce5ef38b-ffea-4019-a9e0-f0264b79c223",
+    "id": "bundle--93b08232-cb32-4d91-97ba-57e20addf3ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
index 42b57ce6ab..c8d1bed99f 100644
--- a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
+++ b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52fb3f7b-bdd1-4f1b-8b94-d78ae830054d",
+    "id": "bundle--f760c3b1-d502-4e59-ba2c-9f14218460ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
index 1efa9ed229..0135530438 100644
--- a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
+++ b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a13eaac-b1ef-4b13-833e-c6236ac52863",
+    "id": "bundle--b2af5d25-a798-450a-8c48-1318957ae337",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
index a5effebf04..5df7090a0d 100644
--- a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
+++ b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6d3d57b5-487d-449b-ac3a-9089dd24f99e",
+    "id": "bundle--cc260d9b-643a-4fe1-9ca4-6762c4a36326",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json b/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json
index d8c4b889a2..936726994c 100644
--- a/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json
+++ b/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--302dc476-7098-44ba-824b-e79f6415516c",
+    "id": "bundle--0636abf7-4fba-4bb5-b8c9-284585a266c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json b/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
index 6f156be667..aa3a70dd1a 100644
--- a/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
+++ b/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1ee14da-bada-49e2-8395-470c0c9b0fe8",
+    "id": "bundle--08ee2cf5-c980-49e7-94ec-a05381f66026",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
index 1aa97657a8..bbb3173228 100644
--- a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
+++ b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5ec4bde-16d1-4068-a1dd-09318d65859f",
+    "id": "bundle--fa4e1b79-d8bd-4d32-a6ba-9a188bcefd26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
index e431ee5ea8..edff56e21b 100644
--- a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
+++ b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac1f1044-6cea-4745-93d9-48e7eedb3374",
+    "id": "bundle--a1302534-2b58-4fe7-af52-22c1b38fd02f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
index 698d687aed..3bd0826915 100644
--- a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
+++ b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef13aa93-ec9b-4717-b72f-a4e8feac5aac",
+    "id": "bundle--abc3e897-289e-4ce0-8ff9-b5db7100515a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
index d5fb124833..20e47caa29 100644
--- a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
+++ b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6804e971-8467-454d-a757-75e9e4176d91",
+    "id": "bundle--41ffdbb1-de43-4e66-ac3a-7715dc16272a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json b/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json
index b172074d82..e356823cf5 100644
--- a/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json
+++ b/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e23e4948-dcb1-41c3-8221-cb4bca5d7ccb",
+    "id": "bundle--7e509b22-a629-4ab3-9812-5a34e3d10058",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
index 3ba578f566..c66cd6f68d 100644
--- a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
+++ b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c641fe93-bcf3-45fb-8653-1b89756073ae",
+    "id": "bundle--4a0e1450-8948-45fd-a390-bd04b9602b1a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json b/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json
index d9ad806459..991fbfcef4 100644
--- a/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json
+++ b/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aca479a7-843a-4d25-b4b5-6602117d92c9",
+    "id": "bundle--362a1561-76dc-49a6-a16e-78d818f1707f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
index 5dcccd626d..cce2357d3b 100644
--- a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
+++ b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64ae7c7f-f719-4001-98f1-66e4de0c1915",
+    "id": "bundle--0fba376b-9e80-4a37-9c3b-e19feccb0607",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json b/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json
index 81753040e8..0d6ff4c42b 100644
--- a/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json
+++ b/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb47b855-b4ae-4f3c-bdb4-edd2d83d6581",
+    "id": "bundle--ff6995d1-39a6-4e4f-ba8a-913245fb6d1e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json b/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
index f79d4173ab..cbb3d20abf 100644
--- a/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
+++ b/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c8a2574-7d5b-4273-baf0-c5de01011872",
+    "id": "bundle--5d48dd76-0ebb-44de-a82e-19a062b37a07",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
index 65949f9927..20f6eff900 100644
--- a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
+++ b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ab8fa3c3-d466-4181-8779-b4775b1fdb20",
+    "id": "bundle--bb3655a2-caad-40dc-b376-c10007cf6629",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json b/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json
index 13ff355536..fa11c7c1ab 100644
--- a/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json
+++ b/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8610f57f-2829-45df-9670-0c978a26c947",
+    "id": "bundle--248c742b-8617-4b6c-bb8a-3254414713d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json b/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json
index d7f64d5879..a2e86cd75a 100644
--- a/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json
+++ b/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8bcd4efd-5e02-4d31-8279-f34c8e02eb53",
+    "id": "bundle--ba1ff52a-5817-4855-b41b-1e1be431367b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json b/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json
index a7c975fb44..fb4d899254 100644
--- a/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json
+++ b/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--817c29b5-c5ab-42cd-8e9f-ed45cb44ac06",
+    "id": "bundle--d3ba4883-4c86-4f76-b22e-0ac05d213eb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
index 5164cae6d9..91d0686783 100644
--- a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
+++ b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b199070-4dc1-4490-af01-36a0d1765979",
+    "id": "bundle--4dca81e8-7ac0-49db-af8b-1d5775c7a5e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
index 0740dcfdd5..2c126162ac 100644
--- a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
+++ b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d39649c-65d8-4a38-9021-3c63b19a9acb",
+    "id": "bundle--3b97c3f4-e42c-4939-bb81-080125edd04d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
index f76004aa22..142e7ca68e 100644
--- a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
+++ b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e363ec43-7220-48f4-83f3-db5a1da5b826",
+    "id": "bundle--1d505468-b09a-4b1c-b75f-df2e4f33791d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
index 37fe0b4caa..60b514de4c 100644
--- a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
+++ b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f14f10a6-ce92-4743-b019-b4bca1b76f75",
+    "id": "bundle--6dd407d5-a7d4-433f-94e4-75aaa4761b16",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json b/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json
index 518c61eebe..ba9802ed52 100644
--- a/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json
+++ b/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--124d1637-8f03-47bb-9ac6-dd693a68bc2e",
+    "id": "bundle--9d6a9bbf-4eb6-42e7-b452-b083d31f57f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json b/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json
index ff3f70cc30..00acef621c 100644
--- a/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json
+++ b/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc60fed9-b211-4922-97bd-f3b7ef8311d0",
+    "id": "bundle--a3b7b426-7470-42b5-9313-0289150fbb1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json b/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
index 525f17c728..358aee6c52 100644
--- a/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
+++ b/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59d02bdf-896e-4dce-8ed7-6029f0b9ef9e",
+    "id": "bundle--8d58091c-91fe-4920-9599-a7776a1efc8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
index 20a61fd0c8..f554766e4c 100644
--- a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
+++ b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ada720a-ae79-4d4d-b908-e12a91f005b9",
+    "id": "bundle--aa8e9cde-b8a9-4e0d-b628-f03c65f808b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
index 47fefa2ac2..b31aa516df 100644
--- a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
+++ b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ef1bc8e-3fb2-4be5-b17f-d0878b0759a2",
+    "id": "bundle--9bfbf801-97fb-4c8a-8f8e-c12de3895ad1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
index d8b53aefc8..9d8e8e11d1 100644
--- a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
+++ b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e86915e-9c38-4f7c-87d6-b0941058fa14",
+    "id": "bundle--6e4ba6ca-2181-48b1-b164-f1346a878229",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
index d7f6adbe47..9599ee8c93 100644
--- a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
+++ b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--095be871-864e-4ec2-837e-23b142678d45",
+    "id": "bundle--6acc9cc4-2f5e-45ae-ac7a-3ef2ab311369",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
index d60a095af6..87eef868a7 100644
--- a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
+++ b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe39e0ee-798d-40b1-913f-c51efcc3e5e6",
+    "id": "bundle--f46c540c-3c49-4cdd-bb60-9b76935725ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
index 77109102fa..0beb91c9f0 100644
--- a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
+++ b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da78aece-0a41-4a38-8fa8-e0bac7334950",
+    "id": "bundle--86d874a1-7ecc-4c13-a31d-6125ff6bbb95",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
index 5e17c2ff37..ea05d48ccb 100644
--- a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
+++ b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3fada1e8-91fc-4d8e-a6fe-0d67bab1be6c",
+    "id": "bundle--4a0486c9-8d19-4bbb-9ac1-7450cbc167f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
index 1716653ede..65c014e4b7 100644
--- a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
+++ b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--401db463-2af4-48e0-a0d6-634e73ae1095",
+    "id": "bundle--843fdfd8-6392-4797-8542-f072b4db54c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
index a536266040..5ce0393562 100644
--- a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
+++ b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b1321ba-0c44-4496-ab56-e56b33b6178f",
+    "id": "bundle--37da4f5d-9711-416c-822e-9f648ef386dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
index 81195a3641..556688a5d6 100644
--- a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
+++ b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03fae601-7693-4b43-ad59-c1ce4d7e431e",
+    "id": "bundle--7be1f8cd-9749-417f-981a-f56154a4ed5a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
index 8906c7a808..9a47967ef6 100644
--- a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
+++ b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--db307cc4-413c-4c6c-a62a-d1029739f761",
+    "id": "bundle--4cb1d471-93cf-4b8f-ae4c-c112c06726a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
index a3231e8212..31efafdc47 100644
--- a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
+++ b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--43d6480c-e214-45d0-bf49-f35832f84756",
+    "id": "bundle--56635374-51ae-4752-8e65-695bd8d8258f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
index ee0c547f8d..141268a4af 100644
--- a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
+++ b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ad3f1887-99b9-4e9e-b753-26941553655f",
+    "id": "bundle--300825ae-b635-4007-a6a9-709b89bff07d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
index f08c5566f0..94c70a1707 100644
--- a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
+++ b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e650556-182c-422e-b72e-c897d5897502",
+    "id": "bundle--af083320-f78f-4320-a4b5-0c932261d777",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
index 92cf0d3b98..45e76c0ead 100644
--- a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
+++ b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bdbf1c88-b95f-4fc0-b6e3-770d8a99d654",
+    "id": "bundle--448b022c-a6e0-4d40-83f6-29169b90bc66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
index 175ee0dc2e..095cddbcb3 100644
--- a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
+++ b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--516095a1-0a50-41c0-9ee1-9b9ec2d55426",
+    "id": "bundle--b86d65d5-2bbd-4d7b-a5df-ffb17c2f278d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
index 37b1d216fc..744215a170 100644
--- a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
+++ b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--877aeadb-1862-4417-956d-2019223329c8",
+    "id": "bundle--b9ad0ba6-aca0-4d82-ab8d-ff779da0fa4d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json b/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json
index b554fd9f1e..b494b443fe 100644
--- a/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json
+++ b/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3f1f4e5-bd33-4b0a-bd39-89213a037084",
+    "id": "bundle--b2703a29-0a00-4f6d-ad00-28121f9d6de5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
index 8d81c11809..0d492af3e2 100644
--- a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
+++ b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9233a1e-ae06-45b0-9f42-44adc3d47f99",
+    "id": "bundle--e47b916a-2ff7-4257-9eb5-cc1e3141d249",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
index 476cde0e00..69f5ba1226 100644
--- a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
+++ b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c14c482-544d-4ec2-94d7-46897942e0c1",
+    "id": "bundle--cde8f20e-39c8-4147-a5ee-8069f9b99be6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
index 78eb50c7d7..5d6821a493 100644
--- a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
+++ b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a614eae0-2937-47b0-9f8d-7fff73c9e646",
+    "id": "bundle--54bae4ea-de3e-4253-ad7d-48983c51428e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
index 6530b907ff..70c45a94be 100644
--- a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
+++ b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--694e6112-178c-4335-9c16-85ed79ce2c74",
+    "id": "bundle--e5d8c695-2487-4cc9-9750-970a04b5ee8e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
index c17b474e1c..c789d5b410 100644
--- a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
+++ b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c685937-228a-451b-9be5-d067d91caa74",
+    "id": "bundle--1303e151-f83d-4dcf-8d4f-69a7f758b501",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
index 78b71748f5..be8fa9e8d7 100644
--- a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
+++ b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6bd16d66-7880-4bfa-9326-e84c2f682e3d",
+    "id": "bundle--b860eb38-c0bd-4b02-9d88-d9beba13a722",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
index 144095f1d8..075b9bcfa9 100644
--- a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
+++ b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fab029a7-bca7-472c-910a-b7ac31b19f68",
+    "id": "bundle--5bd72159-4c9a-4499-aff1-376de568a2c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
index 9d1e021028..fd6b360e64 100644
--- a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
+++ b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9f96ec10-332d-4f14-9a25-09059e65bab7",
+    "id": "bundle--5bdd0ece-83aa-4110-89f1-d8ba2bd427ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
index 3c7b43deea..2124ee21cf 100644
--- a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
+++ b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c6e4f2e-cee6-4e53-bfc4-340e8316f434",
+    "id": "bundle--4330cfe5-16e4-4206-8ac8-2d8fe780c60c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
index 4305ed4076..92a814a730 100644
--- a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
+++ b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f90ae7d2-4375-4994-bfb2-622bc9c574de",
+    "id": "bundle--9fc2546b-66b5-45d4-9fef-c9e30e64ce9b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json b/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json
index a4e33002f0..6d66e7fd11 100644
--- a/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json
+++ b/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--045cee51-14bd-44d2-a30c-aa36c9008594",
+    "id": "bundle--0c3dd57b-b5bc-4d31-b820-7c623d51ffd0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
index 628b5ead96..3403bdd56a 100644
--- a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
+++ b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8c542e2-df4c-4d5c-8dab-62a833eab314",
+    "id": "bundle--96fd5608-798e-469f-bb2e-f7052950e903",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
index 46e1188a71..a152ddcda3 100644
--- a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
+++ b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52dda02d-0878-47ac-977e-9050d37813af",
+    "id": "bundle--c6f0c1a0-e5af-4142-beb5-551c0588df6e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
index 2ee0fd34ab..cfcf7f0707 100644
--- a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
+++ b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68dcdf17-c2a1-4d1d-9dc4-9444827493d8",
+    "id": "bundle--b1fedc25-6c18-4576-a1b9-43d860dfd39e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
index 7ce98d860c..08363688b7 100644
--- a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
+++ b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e3fde0e-982a-455e-ad7f-252f9be15ab5",
+    "id": "bundle--4c2dfd05-e8cf-403f-8fd2-33d66dcea31f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
index 81ad8553d6..7e4f193668 100644
--- a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
+++ b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65363ca4-e54a-4689-a3c2-ab7fc8344648",
+    "id": "bundle--d5792d3c-18ef-4587-a1b1-6fb2f4c6aaa2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
index ba5e098288..d5f965f303 100644
--- a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
+++ b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9174f9af-d44e-4a4e-9c72-8856bdca3639",
+    "id": "bundle--2dd42649-2bdb-4f38-8ba5-2d382488dcdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
index b2d8545121..45cf6aa140 100644
--- a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
+++ b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14043a0e-8f48-4219-863e-d2b7447bcb9a",
+    "id": "bundle--c6e8f001-a879-4a31-81a3-e48b9d42ec29",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
index b51aa62a5d..a1040aec9e 100644
--- a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
+++ b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b319082-6a2b-4b27-b1b8-c1c1463a89cd",
+    "id": "bundle--f4c7509f-a6a5-4e0a-8443-dbf498a49953",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
index 96881a3721..878323ea43 100644
--- a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
+++ b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12bbf2c4-8155-4a0f-83bf-711fd8444f2b",
+    "id": "bundle--b7e872ab-9d7d-4a2c-84a6-a0ec1902d913",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
index 13f45635da..e7ba143b97 100644
--- a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
+++ b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edbd7012-943e-4260-98f3-15100e9b2895",
+    "id": "bundle--6c41f541-6620-45bd-9f0e-2511996a0590",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
index 11065e6d38..e0787f8449 100644
--- a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
+++ b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ffcf6d7-4766-4d33-9a44-09c3872b5222",
+    "id": "bundle--98e67034-3362-4c53-8bb9-58921eafb5c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
index 14b58c1d6f..479ab94e08 100644
--- a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
+++ b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ab0577a-e7ce-4aed-80ce-3281afbe90cc",
+    "id": "bundle--26fc4c1b-b864-488d-9c16-5220e9d6c669",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
index 13635789b4..9dfbde6651 100644
--- a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
+++ b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--644668e3-71c1-46b7-b781-b90705aaab0b",
+    "id": "bundle--ac53c72f-dc88-40a4-8118-2e4b8dd3a1ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
index c287fbd5c2..7523400b54 100644
--- a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
+++ b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fdd3afc5-66b0-42a4-bbf8-968756d32f37",
+    "id": "bundle--581862bb-ca94-4b4f-ada1-5aa8a2b4059c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
index f74dc8357c..15fb8a9f42 100644
--- a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
+++ b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e3c56b4-a628-4ab4-a9d2-12f9da8deef3",
+    "id": "bundle--847c61e1-8bf5-4bcc-9a2e-fd2b04508f50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
index abeae0094d..94aa30d708 100644
--- a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
+++ b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f2cd727-b7d3-48c6-a36f-ada1bd777306",
+    "id": "bundle--04c11a9e-e923-4c62-a5f3-4d4d8e9272bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
index acc91f2eb8..af312e258d 100644
--- a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
+++ b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1595f42d-6e21-45bd-b642-9f2616a4d724",
+    "id": "bundle--ac587949-537c-414b-b765-16cb9f292bc7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json b/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json
index 4b7d8e7228..9de6cc3e13 100644
--- a/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json
+++ b/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af41bff9-7919-4a4f-a043-34c31adf79c6",
+    "id": "bundle--581b7de4-3989-4e86-8b4d-94acd8d88e6d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
index b040dfcddd..4bb27ce28a 100644
--- a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
+++ b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c271149-486f-4547-b102-e78928e70605",
+    "id": "bundle--448615f4-af20-4182-ba1e-50c8097e7474",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
index 8d1e9af93a..bc5ca7b156 100644
--- a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
+++ b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e4ce7f7-67ce-4ed2-bbc5-bb326aba17b9",
+    "id": "bundle--cd95b305-f4c5-470b-9ed1-a482c9595bf4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
index 9857082472..b86ca71226 100644
--- a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
+++ b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4c00aec-dbfd-4569-99f4-2c047f23a793",
+    "id": "bundle--f81789de-a9d1-438a-b920-5a0df56f2200",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
index 21fd16fc68..6b4ba8da1e 100644
--- a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
+++ b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a72d13f1-e8e7-495a-8fd5-7e34440b6c41",
+    "id": "bundle--f175ba65-e8ca-46d9-9b4f-bc2bf863b802",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
index 5f33c08d5f..5c0823a0ea 100644
--- a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
+++ b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--568d36b4-3ffa-40aa-b5cb-7ea2f181e342",
+    "id": "bundle--a533b48d-848c-4cbe-880d-72ef6d5cf306",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json b/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json
index cc3a083c53..a7a10c158e 100644
--- a/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json
+++ b/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77066edc-ba3a-4e62-a723-01e2a29562df",
+    "id": "bundle--75b71b0e-ee7a-4a10-9c08-ac8dee1eaf0f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json b/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json
index af976258e1..1c8742cfea 100644
--- a/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json
+++ b/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c2cbd3a-8c93-433c-aac5-2f1a100d0627",
+    "id": "bundle--d6361928-b2f7-4b22-819c-5d382d26bf0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
index 836d44d708..a76166bafd 100644
--- a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
+++ b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da2a80a2-3240-4d2e-889b-ac00bcaac24f",
+    "id": "bundle--04a98f42-ebab-4ee2-b66e-03ca08f88e48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
index 0590b6a664..6b1640a6c3 100644
--- a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
+++ b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf4bac9d-87aa-41fa-aa82-4b5aa86f5b29",
+    "id": "bundle--3e135d5e-7e26-4890-adeb-4faaed7567ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
index ca198e65de..3ed8c30547 100644
--- a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
+++ b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0584cb6-2528-45b9-a774-8ab672b4986b",
+    "id": "bundle--5f7af434-7970-4ba6-9690-b3233fb8f65f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
index 68ef5896a6..e1ce101e70 100644
--- a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
+++ b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e43d4c9d-b8b6-4972-aded-e28c4babaece",
+    "id": "bundle--7c2d704f-9480-4f47-912f-95b6e8b5f143",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
index 3e9f94a937..ca1a0b3984 100644
--- a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
+++ b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--26305ac0-bb20-4e09-b59c-19a7e8729eb2",
+    "id": "bundle--c1038df8-626f-458c-b897-26c53a357349",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json b/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
index 3099f919f4..e521a686d3 100644
--- a/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
+++ b/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7deb987c-e6ef-4575-93e0-6a93392a0773",
+    "id": "bundle--a694e357-a5c9-4fbd-82af-619de7eebd19",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json b/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
index 523e46e208..1f9f6242f9 100644
--- a/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
+++ b/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--86434e8c-a2dc-45c4-b8ee-02bd152a4757",
+    "id": "bundle--939d9034-8294-470e-b5cb-63eeafb8b35b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
index 3e9b581001..c0d39d08b1 100644
--- a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
+++ b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5bee250d-e1b7-441b-9f50-96da4f4e4d45",
+    "id": "bundle--be8c8884-dd01-40d9-8902-eb19ac5007dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
index 2cc4286d4e..bdecc448c0 100644
--- a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
+++ b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1bc6b3c-fc37-4384-961c-d2c53ac85143",
+    "id": "bundle--4ce121b9-0e46-4412-8d35-a4dd6aac60f4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
index fe8d65f0b3..247df4b9c6 100644
--- a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
+++ b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1e6cd6f7-be35-4f98-a8c2-fc5fb6303568",
+    "id": "bundle--46decb2f-eed2-48ba-9486-d4b06d4e603d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
index 4e523b3a9e..1d01065ea3 100644
--- a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
+++ b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64ed1fb2-0186-473d-9b7a-3d51ea1275a6",
+    "id": "bundle--0aa27287-1d04-4ccd-af69-ca5720a15f97",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json b/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
index c74bcf263e..4e3fda39dc 100644
--- a/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
+++ b/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9bc8b431-0dcb-45dc-812b-b2ef01a28f24",
+    "id": "bundle--0f31bdbb-1a06-493a-859d-f3ac8c22553b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json b/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
index 053d1411b8..c7a44f5190 100644
--- a/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
+++ b/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6c8a41f-4657-4ae3-babb-f0663c6c2e92",
+    "id": "bundle--083dc2d5-8a7a-4ff7-8ec8-d44ca17bfc0e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
index c1be28228f..cdd2c4ba56 100644
--- a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
+++ b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24e031f2-a281-4c1a-a218-185e41d6c11b",
+    "id": "bundle--af42e39d-3c4e-43fc-90b6-39b275e9304c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
index 0081cf184f..58aeaf3ced 100644
--- a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
+++ b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ad664a16-31d1-42d2-820d-f333b95cc655",
+    "id": "bundle--70e7bd11-0fc9-4ca3-a52a-2e1c8ebc66f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json b/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json
index 115af64959..4630632269 100644
--- a/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json
+++ b/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f266ca0-9e22-4aa5-8d7a-6105f4a8dd9d",
+    "id": "bundle--e4bb4068-3b09-4592-a029-3eecf160a0a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
index 4e26396e06..aa9b0de979 100644
--- a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
+++ b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebc6880f-b92e-4b2b-9d16-37d9832a9bbd",
+    "id": "bundle--b31104c9-798d-4c65-8a07-c19c575bd028",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
index 7ed938a72f..5e5920e41b 100644
--- a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
+++ b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d372b71-6295-4914-a6eb-84df476b4fc4",
+    "id": "bundle--03d5a0e8-f09e-4ef5-bd2e-698eb6b916b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
index eec6223f21..2a07561507 100644
--- a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
+++ b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90d2d97e-291b-4345-805d-d9e47d63b59d",
+    "id": "bundle--e5428a0c-d4e0-4ec7-8bec-6a50a5c36759",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
index e219ea3ebb..df467f342f 100644
--- a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
+++ b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--354c18fb-d362-45ce-9b1f-ae5086a87b8e",
+    "id": "bundle--e7e4661a-d059-45e9-9692-f0617b935282",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
index 4977ca0e0a..c89df13905 100644
--- a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
+++ b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f21c242-9d31-416e-aa44-6767fdfd71d0",
+    "id": "bundle--ab074785-c3a1-4da2-b530-cf4aa194e997",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
index f6c18f954f..a466e15d13 100644
--- a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
+++ b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a71d38e5-fb6a-42c3-9964-9564e5d1ba77",
+    "id": "bundle--5930b43f-a19e-4a61-ad5b-c95001584edc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
index 15dbf76c24..698d0e2335 100644
--- a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
+++ b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5aaba2de-30d6-4708-8aa0-a856e4d68c4f",
+    "id": "bundle--364d3fc9-71c9-4eaa-bb6d-f45feb98c272",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json b/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json
index d2b8339fa7..d4c58b7185 100644
--- a/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json
+++ b/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--55b9e061-f71c-48ae-b145-cbf27a87c271",
+    "id": "bundle--56e33ddb-d5f7-4a1b-a5d4-6cc2ca7461dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json b/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
index f973c3099e..1e1745057c 100644
--- a/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
+++ b/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4f52a36-2248-4538-86ea-96bb52d277cb",
+    "id": "bundle--aed2810e-142a-4d4c-88f7-0458e6717e3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
index 9561ed2763..291be63f67 100644
--- a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
+++ b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90afe75e-1b81-4b83-a654-7679e4c10e28",
+    "id": "bundle--1921a67e-cbb4-48cc-8559-75eddc4e9244",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
index d5f49ddff1..3f82a436e7 100644
--- a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
+++ b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8662acc-f857-448a-8b55-c5a93ec4487a",
+    "id": "bundle--88edc25c-737f-4111-979c-df40e87055c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
index 4353f38fc3..04530674e0 100644
--- a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
+++ b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--335b9b81-b1bb-434f-aba5-05d55429c127",
+    "id": "bundle--978f8eed-d796-4070-9600-d126198b4c90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
index 38b70e402f..dc1070429e 100644
--- a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
+++ b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64eafa3a-3e18-4fb8-9c33-b5bcebe13c00",
+    "id": "bundle--6a4cedfd-efad-453a-ac31-4a125147e55f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
index d86dd2ce21..ee964e58c7 100644
--- a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
+++ b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a5e02d2-0f11-4099-8b0d-ed9daa83dd0d",
+    "id": "bundle--e61bbae2-292f-4a89-b345-91d241ad90aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
index d96ea5ff13..9b809cf650 100644
--- a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
+++ b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eafe9ec3-18f5-4c87-9b22-48edb80a390d",
+    "id": "bundle--aade2a35-0b66-4da2-830a-a57568e0e69c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
index 3f8230956f..c1077f3d74 100644
--- a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
+++ b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ded1d1f-9320-4438-924c-f4a488815efc",
+    "id": "bundle--2f2970e2-beab-4b4a-b538-26cf34189788",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
index a9cd47de4a..6fef3a4630 100644
--- a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
+++ b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ba67a82-e2d9-45cd-9d57-cd3ab5432c19",
+    "id": "bundle--85dc68fa-3080-431f-9c36-e970ccb580a5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
index e4f0e7d74f..ffcce1e00a 100644
--- a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
+++ b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c06bbf0c-0a40-4119-ad91-5ec65e3b9865",
+    "id": "bundle--29acbed7-437f-44fd-9aea-3a495d7b94e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
index 4b6660586f..208ffd2323 100644
--- a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
+++ b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd52e07c-d44d-4d0f-bb33-a7e5ce7bf9cc",
+    "id": "bundle--f6d6fe97-238a-44fa-8182-9d93b5288371",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
index 3efdd80b49..330b15ab61 100644
--- a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
+++ b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a6010f5-82c4-4366-9b8f-8e9c303c9089",
+    "id": "bundle--3133ceea-eee5-44e7-88e9-9b77ceece3b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json b/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json
index a55fbef03f..59ac44c15c 100644
--- a/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json
+++ b/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73eab1ee-d450-477e-b047-a9d8c1d126a0",
+    "id": "bundle--7b079a0b-dacd-4283-a9a4-ce7658d313e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
index 89b6aed18e..8d45f654a8 100644
--- a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
+++ b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8fc4b91-76b7-4202-b627-1e5986d20ef8",
+    "id": "bundle--c4ad92ab-16e9-480e-9d87-9368a4b02cff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
index 79180e4c08..0790a9188c 100644
--- a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
+++ b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2325f34-2b5c-4ee1-abc3-d6db0ee65f6d",
+    "id": "bundle--1da75eae-6628-41e6-92ed-9fb34e2d04fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
index 963ad08bc2..d8c1701c04 100644
--- a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
+++ b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d9b2e2d-bc68-4a6f-bba1-1a6ea6e423bd",
+    "id": "bundle--bbc5ab17-0844-4ce3-a62f-20e6cbcd16d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
index 4f4b2d502f..bbab28d459 100644
--- a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
+++ b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e994265f-449c-4709-80c6-e4c3c71cce0d",
+    "id": "bundle--f08cc2f6-11ea-4ecd-af76-77c32a70cf87",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
index f52e78ac4d..2c75792990 100644
--- a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
+++ b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--54651cb8-aed3-4f08-986d-392782cba9fd",
+    "id": "bundle--cec576d0-a84c-41ee-bcc6-ee1a900ec919",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
index 0d739d71b7..02b17844e1 100644
--- a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
+++ b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af4ea10f-200d-4771-9d48-fc24ed094e90",
+    "id": "bundle--04705987-489e-4011-bb76-3ae34e4186ea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
index 4900918bc8..5a8d01f6c4 100644
--- a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
+++ b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5a33b82f-d475-499a-8522-78846c4e3e99",
+    "id": "bundle--421a1b78-d447-48fb-8616-26252882fa91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json b/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json
index 0df65ed756..8a68f30027 100644
--- a/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json
+++ b/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c81762f-f95a-464c-8ea0-00f5b027957c",
+    "id": "bundle--7b55a8e1-176d-4c1d-a1ea-8ca6fd191d2a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
index 76acad0f19..4458936e6b 100644
--- a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
+++ b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7fa78005-6ee4-4232-b875-44df3fb9066d",
+    "id": "bundle--bd683975-7a25-4bc5-ac3d-2d81663a66ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
index 4d76b95541..3456f14482 100644
--- a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
+++ b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81626a70-0635-479d-a399-679f0dd1030b",
+    "id": "bundle--3f4d7d56-dc8e-46fb-ace9-82810add189e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
index 960f461735..eb01916e94 100644
--- a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
+++ b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e14af6a1-a997-4642-9d72-03abeaf4806c",
+    "id": "bundle--9c4ace51-f757-4f98-b0df-1321c371d03e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
index ac242e30c2..b613a3e841 100644
--- a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
+++ b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ecce5c6-a4e5-49dd-b36d-488e61f0d95c",
+    "id": "bundle--6a17e6e4-d71b-4ad4-8a3f-72ac03ac535c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
index 2824c3c91b..16a348387f 100644
--- a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
+++ b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--165de543-7535-49d1-a527-ca72ca8122b7",
+    "id": "bundle--7b1bdd39-e5d6-4615-8ee1-06e269699820",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
index 28b405297d..705584ac50 100644
--- a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
+++ b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f562b142-b7c7-4155-961e-241b199c0571",
+    "id": "bundle--41814603-e068-4e28-aa9b-07031aa05d50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
index e724ea8ae1..8f0069c495 100644
--- a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
+++ b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2d47c8b-92b9-4bb8-a251-8016b64630e4",
+    "id": "bundle--7374ab02-3104-4afd-9c1a-d6e9d0ab90ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
index 080dd39cda..b7f8b6053d 100644
--- a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
+++ b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e03237ae-5cd3-4fd5-8bff-891e38b6ccf4",
+    "id": "bundle--4f68cb42-7f73-4acc-b307-f789da5307f6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
index ed687d79a6..1e643c142f 100644
--- a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
+++ b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf5f0739-7867-4daf-8abb-3c9a0d038180",
+    "id": "bundle--6f8fa075-4c39-449e-9dc3-56ba46ca7d8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
index 28cc86639b..ac150fc6db 100644
--- a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
+++ b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c8d3b39-88d2-4dce-b51f-f1ac06eb5cc7",
+    "id": "bundle--330bb7f2-48dd-4bb1-9f6d-69c54d21100f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
index e9a19f9a76..bc17c781e7 100644
--- a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
+++ b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--36e5956b-6c7c-4ef7-a9dc-d2400e6457ed",
+    "id": "bundle--600df822-e3d5-4d05-984f-b58fc0501063",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
index c09d7f20ee..2638d30582 100644
--- a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
+++ b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73efbe10-f37e-4d48-b670-7221d7925e68",
+    "id": "bundle--66ab71f8-6513-4631-8568-8e33c1f3868d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json b/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
index 58b4e3104f..44993806bc 100644
--- a/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
+++ b/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8535d4e6-f78c-43d5-9980-dbd2c27bb347",
+    "id": "bundle--acacdc65-3d1b-486b-8d0f-87cff10f84c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
index 91f177ffe7..d7370d0140 100644
--- a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
+++ b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6448ef8-7e71-4b78-bef4-6e83d87b88e9",
+    "id": "bundle--04f7b0ea-154e-4dcb-9dad-1cc461186d62",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
index 64028d7ac5..6f93e4a297 100644
--- a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
+++ b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4025679-f4ee-4340-afc7-fdb4ce58d08a",
+    "id": "bundle--cab86a7d-88dc-40f9-a486-abc0427dcb2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
index 0e63d9d8f4..807a32bfd4 100644
--- a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
+++ b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5cb068d2-3b93-44c9-a5bf-3e1ba52b100c",
+    "id": "bundle--6509d2f2-afc9-4ee5-a34b-358bf068f409",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json b/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json
index ef8550722e..ca3be2f1a5 100644
--- a/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json
+++ b/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd0c93a7-38a5-4626-b8db-9380229f91fb",
+    "id": "bundle--3b96b051-0b6d-4b31-b6ec-3a9a7692204e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json b/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json
index 01c9e23e4a..168fa89f37 100644
--- a/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json
+++ b/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8adbfa9f-2f89-4ad6-864b-9bd45356e6df",
+    "id": "bundle--e5f39f2d-2733-47f5-a836-a73a4484d3d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
index 426bbc9671..638cca236c 100644
--- a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
+++ b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--50dba94d-5354-4465-8a90-8d5b4b496865",
+    "id": "bundle--6c83be38-3a90-4ca1-b9d2-a7cc760ae220",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
index 5aefcd309c..d498111cb3 100644
--- a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
+++ b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37dd6acb-b4f8-4a1c-910c-aa53c9a77c55",
+    "id": "bundle--8bafc7b4-f5d5-40f4-a838-cae1a8f61546",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json b/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json
index 473591b447..8459405679 100644
--- a/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json
+++ b/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d8ddfbe-86a9-419a-a97a-66366f9d9c65",
+    "id": "bundle--d15ecaae-27aa-49ae-9bb2-c657baf4f21b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
index 7f0944ff8b..6b8be6ee1a 100644
--- a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
+++ b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a849cddf-63ef-4cc5-9dc5-72c23c0c1d37",
+    "id": "bundle--bc493294-bbe1-487e-a746-4961a114ea63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
index 0c144c1a61..9654f2953b 100644
--- a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
+++ b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c54da93-0ce1-4f7c-acc7-71c12e27d136",
+    "id": "bundle--4dada18c-e6bf-428c-a9da-e33b1597c2c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json b/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json
index 5fafd67d37..75e5200c99 100644
--- a/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json
+++ b/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64d6d7df-9527-43f7-9fdf-ec263d2efbe3",
+    "id": "bundle--2481aa1c-fac4-4140-85e8-9cdf66c4655c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
index 60a5c28464..97fa2f0316 100644
--- a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
+++ b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b71a351c-eb1e-4a66-b0ed-8d94a41a43f1",
+    "id": "bundle--5fed6b25-b2a1-48bb-a6c5-db2414a8c7bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
index 10106e0171..a1c1636c69 100644
--- a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
+++ b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--060985b9-17d6-490d-81fb-a7cedc7544f4",
+    "id": "bundle--4aa368b0-b3e3-4f93-98c3-2f707ef4f8f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
index a923fe1d41..026dbbbe1a 100644
--- a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
+++ b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0bfe84c-c85d-4950-abdc-9201f158b620",
+    "id": "bundle--adba7162-0747-40d2-84c3-3284449e6766",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
index 915beb67ba..48caa446d1 100644
--- a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
+++ b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d62e5b4c-c9b1-4cb3-be24-6eb62d5a9e3c",
+    "id": "bundle--8cd7b79b-33ce-4ebc-93d1-c28c5873b316",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
index f1ddb7e3c4..96e2c0332c 100644
--- a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
+++ b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b04d504-a3a7-4d4c-a9cc-ede3085f3f30",
+    "id": "bundle--41679472-597e-435a-a527-d445c7ad1fbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
index 09b72f6150..c74648abb6 100644
--- a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
+++ b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--209871b8-06cf-4aa3-a7d9-bde4708a78ae",
+    "id": "bundle--b5a1e6a1-26b6-4baf-8f71-f2e7d2f6a9ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
index ce86edbe4b..c11d12f42c 100644
--- a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
+++ b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b226753a-847d-4ad1-a8ef-22780b79d6cc",
+    "id": "bundle--8deb8008-b75a-42bf-85cf-71de28650d26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
index 5202571cfc..fe076cb701 100644
--- a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
+++ b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a768036-234a-49b3-a2ab-950ccf3343b0",
+    "id": "bundle--0ba7595f-7022-4731-b327-ac3e5168e5d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json b/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json
index 6d306c2018..169a190e13 100644
--- a/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json
+++ b/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2bf3ee3-a16d-40b5-854f-79dceaf1d8e3",
+    "id": "bundle--0fd0b99f-f94a-4129-be4a-2947d922025f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
index 4cdab145c4..3f5b38b079 100644
--- a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
+++ b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96f59854-8bd4-4a71-b3c2-b2093f03fe16",
+    "id": "bundle--df60fe45-9219-4c94-a137-0f2d8c44185d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
index dd34579c54..8ddc3efaea 100644
--- a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
+++ b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--563c68ed-96f2-4b56-8842-fcf6e502a66e",
+    "id": "bundle--591a992f-6ac3-4055-81b7-af58ec1bd691",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
index d32fd46210..534cdd8773 100644
--- a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
+++ b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0be7cc32-4d4a-4e11-b50c-acc7c0de56fb",
+    "id": "bundle--a84e1e41-adf5-4ad4-8f2e-99de0e250c79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
index 7d88ddeb75..ff888622cf 100644
--- a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
+++ b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--acde5d26-9b90-412e-86af-ecb7d83396c0",
+    "id": "bundle--c998075f-6087-416b-9c98-e33321c385bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
index 6ecdc1559a..2f73beeb0b 100644
--- a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
+++ b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3b2c824-6506-4b61-9abc-2a35da7e9c4d",
+    "id": "bundle--30039c00-e7dd-43d5-a335-48a8d311dfe4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
index aa4474e2eb..ca6bbd88a6 100644
--- a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
+++ b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73520cb2-aa8c-4f78-8fb5-b0cd1ee1a0d7",
+    "id": "bundle--e35f3200-d601-4b9f-9064-1b44fd9a877d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json b/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json
index 699829dcd8..29f6a91a8c 100644
--- a/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json
+++ b/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6bca3692-95dd-4e74-bec3-dbeb765ce3d6",
+    "id": "bundle--716f79c7-2bec-4967-b54c-7ea383b47196",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
index 43551ae117..22583a8691 100644
--- a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
+++ b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0ad23dfd-503f-4e5f-8189-07885f753737",
+    "id": "bundle--64ec483d-51cd-42ca-930d-b1d5be76e95e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
index e5efaaca82..1e79ecb42d 100644
--- a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
+++ b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4eae9498-54de-4dad-b797-15b45c4d13f6",
+    "id": "bundle--40f1bd2e-305e-4d31-8d4f-e98ae870e131",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
index ef30d9379c..25c59892e6 100644
--- a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
+++ b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e50a1545-e96e-43a5-9675-3e540f130cab",
+    "id": "bundle--d026b1ca-2895-4580-9dd1-7451ac9494a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
index 60b32cd4a6..a90533af63 100644
--- a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
+++ b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ffbcc868-f384-45ef-b0a0-18faab810a30",
+    "id": "bundle--cecfcb2b-3b43-41c2-bffc-7ea408f713f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
index baadab22db..fdb5cffbd5 100644
--- a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
+++ b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8074faa-f3d6-4888-b4aa-c82410497df9",
+    "id": "bundle--231e9dfb-474c-4712-b959-c2ca411afcc6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
index 3d6c8baaa3..9e6d084c2e 100644
--- a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
+++ b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c51b6405-72b1-4e2a-999b-81649e78f5ad",
+    "id": "bundle--7b200b00-30b0-4f01-8ae8-7223e25bf02f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
index a82eb854bb..48342d4438 100644
--- a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
+++ b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c9b9cf5-23de-41a9-bc8a-55ccd2e32702",
+    "id": "bundle--2273cd6a-a53f-4da0-be65-9ec7e2662f73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
index 70d832389b..411b331567 100644
--- a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
+++ b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dcc564d7-d5fa-4ff6-9148-dcd9120f0cd7",
+    "id": "bundle--18740162-ba05-4596-957e-8b36d94c214b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
index b0c00d455c..cebd03a22d 100644
--- a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
+++ b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--09c60020-88b8-458a-846e-276b18d1823f",
+    "id": "bundle--3368334c-9412-4800-816f-607387724440",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
index 4ba6c4601a..b656952fcf 100644
--- a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
+++ b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c43f64fc-d6f6-444b-9e4e-d2f8a99df34f",
+    "id": "bundle--5350bbcd-23e8-44c5-9210-939a993d62d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json b/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json
index a64207f60c..be8570ad02 100644
--- a/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json
+++ b/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97f1bf01-ba00-47a7-a06f-d7414906b1f4",
+    "id": "bundle--c2d7c00c-6d27-48bd-845b-ff3c88091f1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
index ee976fbd18..37b0365cca 100644
--- a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
+++ b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a0693bf-2eec-4f81-8531-1a11b18dab5b",
+    "id": "bundle--0eaa0288-6bfa-4009-b335-a82cc3b0fb75",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
index 60e53a2260..8820c498b9 100644
--- a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
+++ b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4cb11659-afb8-40d7-857b-8da543ef6a32",
+    "id": "bundle--a6509bb6-b240-4f03-8d2c-80ae21f705bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
index 513d84a85d..fda1101ac9 100644
--- a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
+++ b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eef4aaed-5d7b-43c3-914c-b06755bc2f43",
+    "id": "bundle--210a143f-32ac-433d-8c98-aa06909b7cd9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json b/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json
index e8c9028771..0dd72da980 100644
--- a/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json
+++ b/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a32c0541-a775-4fc7-aa8e-6f562eeb8e14",
+    "id": "bundle--e69e82a7-4d55-4b92-948c-861e456c70b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
index fee7e4e3cf..dc126d801b 100644
--- a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
+++ b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c744afb1-9739-44f9-a620-bdab1099edb4",
+    "id": "bundle--3448e666-a9ef-490a-b388-5738d2ac0ad2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
index ad57083967..955b957f50 100644
--- a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
+++ b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a37fcadc-df4d-4f06-8606-eeb59e94b2c9",
+    "id": "bundle--74d254a6-d291-4a28-a7e2-6c6520da16b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
index 7707908018..2587a271e8 100644
--- a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
+++ b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--408758e0-2457-4e28-bc1b-18272904cc68",
+    "id": "bundle--dc6e7566-91f1-4596-936e-ea613166c6a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
index 2dc75cad20..17f37f4f79 100644
--- a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
+++ b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23799a25-17a4-471b-b3ac-e030d295d32e",
+    "id": "bundle--c8922541-658f-48b3-8bd8-0c171845ba27",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json b/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json
index 0e8d1ed41b..2d66955a3e 100644
--- a/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json
+++ b/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24ae496d-c1ab-4697-ae7c-473dfc9bc56b",
+    "id": "bundle--b16d92df-0f42-49f3-9095-d40a0ae6f563",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
index 1527dbeb00..a979469e08 100644
--- a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
+++ b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3cbcd1c-5f48-4ad1-a719-b1572a40e522",
+    "id": "bundle--abdcc66c-cf39-4ace-b5f3-8927183f8135",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
index 4590012bd2..a003fbcc06 100644
--- a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
+++ b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16966a0c-55fa-4bd0-a86b-d2577dc6cf4f",
+    "id": "bundle--45cfe8cb-791b-43e3-a0a6-285c78a2681d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
index 0928241a13..6363558613 100644
--- a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
+++ b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb21db97-75bd-4d99-ae42-c29ada2fa994",
+    "id": "bundle--6a4b7467-27d3-422d-b268-8fdfc0140565",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
index c8db880fdc..dd928065b5 100644
--- a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
+++ b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc435daa-8ee3-4508-96d3-3a27077e40f7",
+    "id": "bundle--fafb2cae-68e0-4307-bd18-75431fa55242",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
index 176ea3de79..c9694cbec3 100644
--- a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
+++ b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--065f05a4-3f9c-4451-b349-ae6fbf1ede40",
+    "id": "bundle--ec3acc42-e3fc-4252-b742-a0ee2ea615b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json b/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json
index c7ab9d4514..a043d5c3c8 100644
--- a/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json
+++ b/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1a1028e-b25a-43c6-8bec-9e50f847d82b",
+    "id": "bundle--3d00fcd4-c663-495c-b2c7-ea0eeccc037f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
index 438eb00e81..c0d2767a07 100644
--- a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
+++ b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1936f794-e6ea-4534-b143-2ce07ec3ad58",
+    "id": "bundle--3fcbc619-3e54-4260-96c0-de8cced5ffda",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
index 5ff6e0dac3..d0aee7411e 100644
--- a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
+++ b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6777039c-b944-401f-a17d-ddf1778bf05d",
+    "id": "bundle--2f050198-b6b5-46e7-a235-487f3129e095",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
index 043727bf17..8e62e0b022 100644
--- a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
+++ b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--10c30eb3-e2a9-40b2-8da1-b3d70f375713",
+    "id": "bundle--214b82f8-f37a-4cb9-bd92-b1e013575914",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
index 66f36ec73e..c18d8e0b2a 100644
--- a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
+++ b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bfdd2a39-8569-4dfe-b1f1-f2677c906f6b",
+    "id": "bundle--57e6f461-1f4c-440c-b505-df8933c5a7e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
index 6ae929eadd..a69b624bbc 100644
--- a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
+++ b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70a5bfd8-5e7c-4a15-831b-c05cc9ef9380",
+    "id": "bundle--197cf1b7-869f-4ab8-8499-e5279eb14ed6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
index 56944fb648..22a746cffa 100644
--- a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
+++ b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--333be56f-d734-4a24-bcc9-ae0f4ebb4cce",
+    "id": "bundle--beb4af5a-4ced-4f36-bf14-a0b9c5b2f69e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json b/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json
index 137720f269..41d394e3f8 100644
--- a/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json
+++ b/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ec1bfb9-1968-48c0-a51c-37e8aa14e26d",
+    "id": "bundle--8afa0ec9-39a5-4dac-bdcd-ba5d2c145f12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
index 0f5b672e8f..a896abb41c 100644
--- a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
+++ b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b2c0279-cf41-4025-9dbd-4def13e22696",
+    "id": "bundle--036e7dd5-45d1-44ee-9045-bced48f386e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json b/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json
index c554d5805b..6166d5cfb4 100644
--- a/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json
+++ b/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9f02ea07-e0bd-4584-83cb-65f0833d7137",
+    "id": "bundle--aad89418-19d8-4539-97f0-9669db224203",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
index e2938dcda6..82267a889f 100644
--- a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
+++ b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9834540d-ff4d-40c0-a583-3888cf6f34f6",
+    "id": "bundle--bc336410-6042-4bad-b7b2-26f874be6326",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
index 9189d57f52..1ad84a1743 100644
--- a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
+++ b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37461d4e-9a55-453c-b1d7-5f4a1760244e",
+    "id": "bundle--77876974-5fa0-41e2-9a77-946ef43c8f5e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
index 7f6291a577..34c5de5c02 100644
--- a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
+++ b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3163220d-ad9a-4e95-aa00-be75c1a0525a",
+    "id": "bundle--9e91e93c-d5c7-402c-9dce-ed01165e6cf2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
index 8280c73052..78562cae18 100644
--- a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
+++ b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dadd32c3-4b37-4de6-ae9a-93c3b24c47a0",
+    "id": "bundle--5aace279-4c62-4834-a490-5e68db334dcd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
index ee81779c7e..8b696fee3c 100644
--- a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
+++ b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--074ce897-9485-458f-86a2-af15f1e767bf",
+    "id": "bundle--20c4103b-e5fc-46cb-8b54-118a27d1c01f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json b/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json
index bd8cd57ee0..52e9b28cf4 100644
--- a/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json
+++ b/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2650085-eac8-4edc-96d1-644441167e55",
+    "id": "bundle--26f88d20-a8dd-44a2-b65e-76f121baf934",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
index 22ae71fd37..945011bf7c 100644
--- a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
+++ b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4aa16f1b-0ac1-4c23-acd2-fa4d713c631f",
+    "id": "bundle--23c0db47-74be-4bdc-83fc-0b10ca43e292",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
index 55ac532549..8b6345e4e6 100644
--- a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
+++ b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--539c4837-1bc5-41a1-9ce9-d48103e922d7",
+    "id": "bundle--a31287d3-8ace-488c-b971-1af3c4de3dcd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
index 16fc78da26..ccc5fa92d9 100644
--- a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
+++ b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1cbad624-86ca-4ea1-a8d4-80be67261870",
+    "id": "bundle--c02d1edf-bdf9-4400-b36c-8fb54a75c9d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json b/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json
index bfaf45dab8..b52ddfd18c 100644
--- a/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json
+++ b/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c475888-4085-45c0-8c1f-5b243ccdef40",
+    "id": "bundle--68355779-411a-424e-9b40-27455ea8c1fe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json b/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json
index c38cbab2f1..c7ce4b7def 100644
--- a/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json
+++ b/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--26760013-f3cb-455a-81ce-a7515251d08c",
+    "id": "bundle--831f75f5-eb06-42ca-aa14-bb62ea169ef0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
index 0a71a5fc7a..e9b814e3c8 100644
--- a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
+++ b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25125d84-d016-491c-96cf-474ba323bcd9",
+    "id": "bundle--7c300b44-dfad-4c23-bb0e-632b29f8960d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
index bb377b429f..ac4b13e4ac 100644
--- a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
+++ b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96d23ab9-c5e8-4892-b059-712511c42650",
+    "id": "bundle--0f4387f1-70e0-46f8-b328-b8829f6884ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
index 0b7a49822c..0adb20400f 100644
--- a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
+++ b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6bfa69ec-74dd-4090-a813-fe88a1fc4eca",
+    "id": "bundle--3e80a401-3863-4864-89c4-2bb37c3a4883",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
index bd3a0a8b15..55b903d9d8 100644
--- a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
+++ b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8366fbaa-bb2e-45f7-9729-f620dc10d230",
+    "id": "bundle--2e581cc8-f168-4d32-ae5a-4fbcb563c779",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
index 6c491a3b32..b0b7408904 100644
--- a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
+++ b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6006a4f8-aa13-4f0e-892f-de716ad1703f",
+    "id": "bundle--e7cb8348-36b0-4ddf-b3e6-c353f62c044b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
index c2bb8973d6..260db3dc7a 100644
--- a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
+++ b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dc7610f4-6633-49dc-bac7-6ae72b670233",
+    "id": "bundle--23d2c9b0-0054-47e7-aacc-acfa7e18f13f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
index e1262917c8..1a454eaf07 100644
--- a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
+++ b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8c7e058-98d6-46ff-a231-f34ed0497c0d",
+    "id": "bundle--bb0d5499-dd80-4ffd-8786-f9d0ca8b11dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
index 93c90a1a5a..879a61e619 100644
--- a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
+++ b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--819ef7b1-c07b-4024-ab39-eaf66e573140",
+    "id": "bundle--dd76d238-f26e-4c4a-90b1-f95aa6c71294",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
index e76ffb9386..faac04a3ba 100644
--- a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
+++ b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23bde10c-fd2a-465b-a926-ec469d2cb407",
+    "id": "bundle--eac93572-a898-42c5-b5cf-24d058b2ef46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
index f923360ccc..04ae2b0e29 100644
--- a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
+++ b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b07eac2-2970-40cd-a9fa-5592b6d4b7ab",
+    "id": "bundle--9471256a-f842-42b9-afc8-e3da95de485f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
index 0d53801dbf..8242bb1041 100644
--- a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
+++ b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0aca147-3e26-4f0c-9ff7-49539f7ee7ff",
+    "id": "bundle--693e805c-d150-4ca3-a651-9dc98a51249b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
index 678d9e1357..6ecf1f88f0 100644
--- a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
+++ b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eeacbc79-fc1c-4597-933c-cec525fee00d",
+    "id": "bundle--b7a7f931-d5af-40b3-8f83-e908bba60186",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
index 6405e756ba..6da3797dac 100644
--- a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
+++ b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb0685f4-013c-4509-b99f-c7da4ca4518a",
+    "id": "bundle--49e46846-c279-462a-8cbc-abb1158ef6be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
index 87f0fa7a8a..90a0f2d7ed 100644
--- a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
+++ b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b243db35-f4fd-4137-a620-2c34edcfaf42",
+    "id": "bundle--6ddc0558-0eac-43bc-bcca-db948612684e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
index cd5c70ee8f..b94d78a8c8 100644
--- a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
+++ b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--956118b4-eaa6-4100-a628-5e0c07e21478",
+    "id": "bundle--9b7d4699-2c0a-4ac2-a130-2ebdb1594906",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json b/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json
index 1c8ab36d73..c6ff86fb14 100644
--- a/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json
+++ b/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--88b15c01-b55d-48b2-a1a5-851b30c0d4e2",
+    "id": "bundle--fd5b1941-53ff-441f-a942-72efdf97117d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
index 2c7d72f9b9..7e140f4721 100644
--- a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
+++ b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ffba447-cc81-44bb-b9ef-f1156cc3ea95",
+    "id": "bundle--9c422738-09aa-460b-820c-9a317be3b7c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
index 1898d9d1dd..c21ee0776f 100644
--- a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
+++ b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8d98a247-9683-4c63-825a-fde6efc0e914",
+    "id": "bundle--f468b525-ccf1-46aa-bc7b-e4b3c920027c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
index 3eb427f7b6..bb921b154d 100644
--- a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
+++ b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a36274d7-14c7-4dd7-af18-d133c76527d0",
+    "id": "bundle--0f328add-ba32-43f0-9ab2-6614423268c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json b/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json
index f31242a2c8..e9e7d0b6d5 100644
--- a/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json
+++ b/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e2a7872-bebc-41ac-b47d-b1539da7b01c",
+    "id": "bundle--06afaa47-6eee-41c9-96a6-d35cf2abc3b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
index da6358dae8..2b78c77dac 100644
--- a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
+++ b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c25903b6-37d7-4f58-b1ad-c250dbaf68e4",
+    "id": "bundle--6e039e06-97c3-42d6-ae5f-f861946ae4e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
index 06d1458e58..9acc3d942c 100644
--- a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
+++ b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--676cafc1-1b5f-447a-bb69-37e85c29585f",
+    "id": "bundle--f35209f0-207b-466e-9cb9-220ad70f6f5d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
index 600bc6e21e..80d32c2716 100644
--- a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
+++ b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5596ef9b-43fe-4df0-bf0c-d58e941c3c86",
+    "id": "bundle--71daa3fc-a9b4-4637-ac53-9f72353df546",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json b/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json
index 8016815530..c1e43f0568 100644
--- a/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json
+++ b/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--780170d0-5474-4ce5-b01c-b04704c3907e",
+    "id": "bundle--ae9a722a-fb9d-4a16-a1f8-58fa3eff1c52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
index a42e856309..c097d9afb2 100644
--- a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
+++ b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8721783a-c60a-4037-bdc2-65ae9a0ed00c",
+    "id": "bundle--e83d4f9f-ae25-4e72-b90d-6fff1f4cb9d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
index 39e976b3e5..e41154988d 100644
--- a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
+++ b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c22ba928-c1b2-4126-b1ed-d09ffb61b8f1",
+    "id": "bundle--a38a1a5d-b0f5-49c1-b1cd-a2224a372ee1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
index 9f07707cb1..9f24876caa 100644
--- a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
+++ b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6eb8701-ffe0-44a7-a07c-933c31477356",
+    "id": "bundle--b1cbcac1-740c-47c7-811f-1ad0f1f90fca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
index 7ee8f6ff62..244ce9ec93 100644
--- a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
+++ b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--36aa4dac-1de4-47fd-b958-834a3f50792a",
+    "id": "bundle--78965de5-126c-4f02-9a77-2dc934362977",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
index a403854048..8e4de43a06 100644
--- a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
+++ b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78d4eecc-c86f-49f1-aef4-c33da7591bb1",
+    "id": "bundle--3635f0ee-6462-44e8-a83f-f53eb3463363",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
index ca532a4d35..d359925588 100644
--- a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
+++ b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c0d7c83-9544-4deb-9756-d818f53b0498",
+    "id": "bundle--9cd76755-3865-4a92-b548-a078e31aa8ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
index 1ff206dd43..19f2db9ac4 100644
--- a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
+++ b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f5ecf26-6b7a-4f62-8c1d-2a923d5ff423",
+    "id": "bundle--814673f7-f903-4741-8e7d-334ce3b7e482",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
index c4f48581f5..cc64d6bc63 100644
--- a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
+++ b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ee6f4846-2ca5-4665-89e6-38375ac1c3fa",
+    "id": "bundle--01120126-94b1-4b82-b588-0ee8398a1c36",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
index 98bb6d58b1..c964b05b45 100644
--- a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
+++ b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--603ad912-f5aa-4ac7-9091-d9af66766028",
+    "id": "bundle--9cc71786-60f0-4427-b3d1-d05683b78f90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
index eb2b5293be..14835fb37e 100644
--- a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
+++ b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cfcf67e2-a93c-442d-971a-265d9ea8c9c2",
+    "id": "bundle--5432bdd5-320e-4487-998b-7f7fc0fe8416",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
index 2251d408b7..e3fa6a5c49 100644
--- a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
+++ b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7dd9787-c93a-45ce-be8f-7b33f245144a",
+    "id": "bundle--f21e4e24-8cba-4764-a3ff-28f23d0d9f38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
index e4fd7c9c13..f8680ece56 100644
--- a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
+++ b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ad5348a3-292a-471b-baf7-8257bf4ab9da",
+    "id": "bundle--d1fa94ca-d12c-4638-b849-bd44209cea9f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json b/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
index 7cd5c196d0..4d2dfd3170 100644
--- a/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
+++ b/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--01027467-070a-4959-b2ab-8e2f146888a1",
+    "id": "bundle--6bce78e8-d826-4e2d-9bae-4023c5323a8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
index 34f8cdd155..0c41228b31 100644
--- a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
+++ b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--911465c5-85a0-4936-9e2d-3785593b343a",
+    "id": "bundle--2bf808ee-9b3d-4102-9c85-5c0cb98b2dea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
index c8ddb8ea27..a18cd478e7 100644
--- a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
+++ b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c130afa0-2a70-4fac-8bf0-b75b24bd0a71",
+    "id": "bundle--289de7f6-d5a3-4f88-83cc-990fdf4936a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
index 6a01e1c115..3b094097cb 100644
--- a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
+++ b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c48d2597-963c-43ac-824b-bcc6c5a210ac",
+    "id": "bundle--d8eb7dd4-d443-4f3e-9ea1-c3a385920492",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
index 8f18274f38..76997ad3e6 100644
--- a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
+++ b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--285a4807-e296-4410-a56c-a8239c5ca128",
+    "id": "bundle--85cf7172-40b9-41be-8d1c-db7b87ca87b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json b/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json
index d8d39df41f..0164514d49 100644
--- a/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json
+++ b/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba48ed95-e4c4-4d92-bbf3-b539b7e27ac4",
+    "id": "bundle--de37c52c-7350-460c-9a49-a5752f3d7c18",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
index f50772f60e..d6ad9b92cf 100644
--- a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
+++ b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a71f765-56ff-4fcc-bbed-2b4c17bbad2a",
+    "id": "bundle--69120a16-49f3-4f7e-ad09-d5d69ae82e29",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
index c2258801ca..96fa904811 100644
--- a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
+++ b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6467f2a2-6612-438b-8c62-fe25ea259583",
+    "id": "bundle--41580c94-89eb-42a7-b9bd-cfee29867a35",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json b/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json
index c3d5f21ab5..c7bd6c8e64 100644
--- a/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json
+++ b/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7287951-d620-48d9-98bc-0a9039e2ce8a",
+    "id": "bundle--ab9efdab-f353-47bd-96a6-d175d4c3beae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
index 21bd9233dc..e96b92582b 100644
--- a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
+++ b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec81a6fd-f5e2-4a9c-9e57-bcb6eb623f3f",
+    "id": "bundle--8a4a8e37-5dad-4c5d-84db-d3404b659003",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json b/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
index a774b6954d..4834cd4570 100644
--- a/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
+++ b/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--403d4d65-c2ca-4e7c-b702-fe33797e6d3b",
+    "id": "bundle--cf1a20b9-87ff-4043-8433-5be058556052",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
index 4e16e6e8a3..3ab44ddb92 100644
--- a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
+++ b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba5fae95-a211-4ede-aa8b-1e9e7c70a89e",
+    "id": "bundle--1d334779-78c4-41d3-b7af-8b8821d83983",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
index b634587718..08dae9b512 100644
--- a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
+++ b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2e960c2-1f48-4c75-a061-f7734622d55b",
+    "id": "bundle--042f995e-3bfd-4867-9d35-58aeffca1bfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
index 7008afd331..2053071186 100644
--- a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
+++ b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d295179d-d6ce-4d20-b5b2-80b1e66b13e4",
+    "id": "bundle--4d6ea26f-3c81-4ee8-b955-2546229682dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
index 6e640fc10b..a0ec7602a2 100644
--- a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
+++ b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1c0a640a-793c-4154-becb-291e08c10ff7",
+    "id": "bundle--9405c4d4-7efd-4070-8a1e-86625bf57790",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
index 7b7f8485c3..a68f8ea752 100644
--- a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
+++ b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5a3a6907-1f12-459f-be0e-14440409d04b",
+    "id": "bundle--7f6778a5-1107-4961-9519-408204ff40c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
index 6c30bdd536..265e85dcfc 100644
--- a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
+++ b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--09d1d2b7-fd37-4639-81bf-1b8ead5e1596",
+    "id": "bundle--6c90fe0f-2db2-46c4-a674-dd95b46bab17",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
index de55de0828..f86f654090 100644
--- a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
+++ b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d269e2a-61be-499e-be14-948bd29bc0a8",
+    "id": "bundle--00adeaaa-8cdf-4730-a5b5-059bd14df9e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
index 3fa9797300..4b26896110 100644
--- a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
+++ b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f892c6c1-631c-4814-8c84-43a65b1c3d6b",
+    "id": "bundle--d5b04833-31ec-4acc-867d-3893e57553d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json b/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json
index ac8e4268ca..d84f2e0596 100644
--- a/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json
+++ b/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--26a4f6c2-8f22-424e-ae5f-11f407ac39e9",
+    "id": "bundle--03432f11-c72e-4655-9ca3-4710b2ea4259",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
index 8d1ed8a114..8b316367dc 100644
--- a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
+++ b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c73e8db2-32a3-443b-b4f4-06987dcae753",
+    "id": "bundle--0fbeb0bb-4e1f-426d-8b17-83f579dc040d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json b/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json
index c7a9874cb7..e893780e80 100644
--- a/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json
+++ b/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--511f2523-b0c8-4587-a202-29635bce5786",
+    "id": "bundle--c627a1d1-5ccc-4398-aab0-92a52f978e92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json b/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json
index afcbf53fad..4ada332695 100644
--- a/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json
+++ b/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6323df74-281c-434d-9c3f-c95f8167efa1",
+    "id": "bundle--a9579138-b0fb-482d-abad-3f0d97db87c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
index f41d748cf6..ea2f200ca3 100644
--- a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
+++ b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d79b397-40ef-4bc9-abf9-eced2ce03157",
+    "id": "bundle--87f044cd-f981-4b43-a884-8ebf3ba1f253",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
index 1d627014ff..0fca034166 100644
--- a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
+++ b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7fa184f-3d69-46ba-856f-e9789b680037",
+    "id": "bundle--7f40dd74-366a-483b-9806-26970143e35b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
index d8c24b050e..046e482aa4 100644
--- a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
+++ b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--86fdaa87-3367-4af6-956c-31b4c2b01973",
+    "id": "bundle--d5fbcd20-c4ed-4139-8d8f-65c4ec2b7535",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
index b191646d16..b2a5f42adc 100644
--- a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
+++ b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7af6c94-e0b6-4f40-a7f0-24cda85d992d",
+    "id": "bundle--5786c67c-0c63-4834-91ac-271d7f92abf7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
index d71f5cb42e..ebd5b8b3d5 100644
--- a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
+++ b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cfe17b76-9ef6-470c-afe4-5f8e83cc9b18",
+    "id": "bundle--c55d7934-a379-471b-937d-6430ff86c8b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json b/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json
index e021960543..252bcf9046 100644
--- a/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json
+++ b/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87eaa882-6f74-4ecc-9bcd-0afd33893ab1",
+    "id": "bundle--27091319-8495-4f97-8021-53e815bf8b63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
index bdf9cebf99..c86ed94205 100644
--- a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
+++ b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--043420a0-2644-45ef-9187-917c8f77727a",
+    "id": "bundle--bbf71fb8-4636-4185-9fef-a2b6b560af7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
index d4578c291a..7152126542 100644
--- a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
+++ b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--720ce637-7ac6-48c3-bc43-daaec4f8a007",
+    "id": "bundle--f3ee0d00-6e36-49f1-b647-17163568efd0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
index 2ae5b3fcd1..1502c8d954 100644
--- a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
+++ b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a13cf28-269d-4d5a-b3e9-e7ca8aa1bca0",
+    "id": "bundle--efe7d5b9-de45-4161-8209-ff248a2d5f48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
index a87fa92f48..e9ac972fcf 100644
--- a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
+++ b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--66f8b0de-b48c-4ebd-8535-58d732ed61f9",
+    "id": "bundle--61f301c1-06b1-4849-b93f-e531d6651a1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
index 5f70a5b57c..87608bf750 100644
--- a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
+++ b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a3d00b7-ec46-47d1-b8c0-a96e84018774",
+    "id": "bundle--7c399dd5-a5ca-491e-9ec4-92cd918811d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
index 37aaa3cedb..03f326732e 100644
--- a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
+++ b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a840e7d7-b760-4544-9da8-6b0b10cb1ece",
+    "id": "bundle--a9d209b9-bdff-4fa3-aa2e-9f742e4c9e4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
index 7dd11985ab..470a9e4094 100644
--- a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
+++ b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dcf5eaf2-1236-44b0-87ab-08709e6054f5",
+    "id": "bundle--73e9a6a3-a74b-4ccb-81c2-71819d1a3238",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json b/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json
index ce337d02b3..1c4bd6a011 100644
--- a/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json
+++ b/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f963d947-989d-4ce2-8167-cc7c74eac0e8",
+    "id": "bundle--55df5658-39af-4f04-9c0b-91fc8e258684",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json b/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json
index fd6b88c619..82f2a6c020 100644
--- a/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json
+++ b/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--318030a7-5cf7-47c7-bb1c-31f02fa21d4d",
+    "id": "bundle--7c75b96e-16df-4b80-b4ed-ca2860910be1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
index 01791ce19d..5d8cf714ea 100644
--- a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
+++ b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7496c068-1630-4bae-826f-b1c9630683d3",
+    "id": "bundle--640dfc0a-99f0-4b08-ad59-a51e7dfc679e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
index 3896bb0947..ae0c644114 100644
--- a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
+++ b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--317ecaaf-8caf-463a-aee1-8cba4d082429",
+    "id": "bundle--8de3f619-4035-4aa2-aa7b-658e1fdbcb4b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
index fce80aedcf..3ad9a71767 100644
--- a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
+++ b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20ab089f-215f-4a4c-bbcf-8a569848fde8",
+    "id": "bundle--ee21eb57-5e80-440d-9e9d-829c7a9661b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
index 8118e18829..7fca0afd27 100644
--- a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
+++ b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c82026c2-bef1-4b56-ba4e-08fff23e2f1b",
+    "id": "bundle--016aa36e-b768-4b7a-b192-7563f60977b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json b/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json
index 900006afa4..79cd73cb6a 100644
--- a/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json
+++ b/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--504a4b40-fe06-4f70-908f-818af0d07d07",
+    "id": "bundle--30a32c13-a2cd-442b-8514-ec91498a34cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json b/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json
index fb88dca028..d71859ad7d 100644
--- a/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json
+++ b/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68dd2f3d-a4ce-4bee-832f-7b147595c22c",
+    "id": "bundle--ccb0cefc-405f-4579-b13b-9759036d9cb0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
index 6eae75e692..e2d3e176de 100644
--- a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
+++ b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d87faed-2a1b-4ee9-bb99-617f7d929c25",
+    "id": "bundle--542bbe65-ee70-4b2e-a8b1-849753eb094c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
index 6e2120393a..748d92f319 100644
--- a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
+++ b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ebde82a-f52c-4329-80b6-05c573fb8311",
+    "id": "bundle--6de681b0-d949-42a6-be98-e9e51e9617b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
index c310825ad8..f7dab95f5f 100644
--- a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
+++ b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--42224dfb-9e04-4ca3-a3a9-13856307ded0",
+    "id": "bundle--e9aa204c-571d-4269-8ff9-36d7147539f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json b/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
index fbae0ff1a9..b1f6dcbf87 100644
--- a/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
+++ b/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0ff4eb22-a538-4403-8e3b-746ff894e625",
+    "id": "bundle--a9a9e626-ed8f-4b20-829b-d4004b7803b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
index c6a5bd1007..f28826a66b 100644
--- a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
+++ b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d3336fd-3180-419d-a965-3f5cef73f826",
+    "id": "bundle--4161a1ea-57a4-491a-8860-4fa222cd944f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
index c847ed201b..7d0d9ed63c 100644
--- a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
+++ b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--60bc9992-b140-4064-a027-5896f4b70c42",
+    "id": "bundle--62c668d0-d48f-4335-b2a5-95173a396adf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json b/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
index d4610db3d1..838dbcaa06 100644
--- a/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
+++ b/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ede399d3-126c-4a81-92f9-a8677e62d952",
+    "id": "bundle--882f638e-ba2b-430d-9c3b-d12b76b1c9fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json b/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
index d99dedae66..6d35503083 100644
--- a/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
+++ b/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c22f8c10-7553-441e-9bc0-cd5608a21b40",
+    "id": "bundle--f4cbe397-cf14-413f-915b-f7fd5794ef52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
index 72ddf368a8..916f2896a4 100644
--- a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
+++ b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--126a22ee-a703-41f4-9a98-3b436698448c",
+    "id": "bundle--eff93d29-80d8-4796-8c8c-92e003f368f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
index 2b14b21df4..60b4d28682 100644
--- a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
+++ b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e2f6c1b5-8e9c-4a80-ab9b-5afb66e0b91f",
+    "id": "bundle--99159dbd-c587-435a-afa7-c2c72211778d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json b/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
index c0f48d2c27..5b4c817d37 100644
--- a/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
+++ b/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--619c5061-646e-44c6-af52-97b9bed9fce1",
+    "id": "bundle--b5a98c64-0964-43f5-8fd0-56ab18b9ebd1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json b/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
index c9d4b32ef2..95a07795ef 100644
--- a/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
+++ b/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63e01b05-1564-4259-8d1d-cc0eae81aee1",
+    "id": "bundle--8e629f3e-0a04-47fe-a28c-beb1be2eafd6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
index d6e555bfc1..c50c16615f 100644
--- a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
+++ b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af550a14-5dbf-46de-99ce-103a25b199e8",
+    "id": "bundle--a8188fc4-4b86-4f55-8eee-2656cc6a435f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
index 3c5baf9791..1cabd781e5 100644
--- a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
+++ b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fcb1e325-567a-45cc-9f03-149543658b60",
+    "id": "bundle--e263fccb-d7da-4e6a-9c9e-ef419682b432",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
index 466907eeef..21852d83f6 100644
--- a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
+++ b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5170310a-f04a-4df2-8c16-a3ea342ea680",
+    "id": "bundle--3e83986c-a189-4483-aedb-a56ee6417a25",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
index 9f643442ef..152c9d0a5b 100644
--- a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
+++ b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fed60069-a6e0-437e-816a-48b266047e25",
+    "id": "bundle--2f1aecbf-b743-4fbb-8580-2ee5bb3a8403",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
index 83cf60fb02..ce3ad0ca81 100644
--- a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
+++ b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adb67a18-5d74-4192-8203-4c085afc867a",
+    "id": "bundle--a61698d7-3037-4f71-ae5e-aeda4330d7d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
index 5edf1e5ba9..412cf6941e 100644
--- a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
+++ b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b0adf1b9-fff1-49b0-abca-188507d3f9a0",
+    "id": "bundle--ec25dcb7-eaf8-44d7-a6b1-ea3292719b95",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
index 4d69ba266d..920a4377a4 100644
--- a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
+++ b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70d6ae1d-e1b7-47df-b88b-b224f7c7d046",
+    "id": "bundle--782a5189-cb57-4e58-85d2-376ef359459b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json b/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
index 16d1b10194..010b430470 100644
--- a/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
+++ b/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99a7cae2-91a4-4f24-b8a7-38180409bc51",
+    "id": "bundle--9eeeb4db-f1c1-41b5-87e2-03cfb7fe34f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
index fe7ea0a877..1147090358 100644
--- a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
+++ b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dea7dbaa-7e87-4070-be77-787490482bcf",
+    "id": "bundle--f4d205dc-b32c-469e-9f5d-4c8cd6c369c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
index f3a8f37f01..d55977d566 100644
--- a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
+++ b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a56823a-72c7-4fd9-a617-4d7384e48014",
+    "id": "bundle--7723da5b-f08b-46f3-8283-93677af276e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
index a5951bd88a..b6acc2be83 100644
--- a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
+++ b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d93a73e3-161e-4ab8-a258-4e7446496eb6",
+    "id": "bundle--61b12e87-402a-40e7-b5ee-93915a589a61",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
index 87adf86751..76647e50ba 100644
--- a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
+++ b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e867e6b-d901-4064-818d-c200d1d58487",
+    "id": "bundle--1600d30d-34d3-45c5-a308-87f7a7560c47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json b/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
index 46488f6309..88e4373455 100644
--- a/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
+++ b/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5123ec4e-75f1-443b-a75b-4105067e187a",
+    "id": "bundle--76937c9a-4f64-428c-8ca9-37b72365e850",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
index 635b5df21f..c5e24fbb58 100644
--- a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
+++ b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--74c50829-4926-4e50-b3ac-d9b2b046b4c4",
+    "id": "bundle--119a999f-3f3f-4e52-a540-959070d4d680",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json b/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
index 000f6b6a99..7e6800e3fb 100644
--- a/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
+++ b/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--857bd163-7f63-4069-9190-6c5db5643a66",
+    "id": "bundle--9b8b43d5-b589-4242-b094-eb845ce46783",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json b/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
index 09bd8be2a1..80b4b3863e 100644
--- a/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
+++ b/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63716fc9-76a1-42a0-8b51-b95234b2cce2",
+    "id": "bundle--68e85c94-adf2-4fb6-a800-40ed6f2f5fee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json b/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json
index 0230043509..b7669aef03 100644
--- a/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json
+++ b/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd28be04-da8b-4500-904e-47bca6803723",
+    "id": "bundle--418ba31f-48cf-4953-96e4-dbcf2b392e26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
index 3bdedc14ee..cbbc19ca51 100644
--- a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
+++ b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--678d9dbf-53d5-44a0-8d4b-a9eb01d3938a",
+    "id": "bundle--2e83fc42-0dd0-4de1-b81e-02e538788fa9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
index 67e031c613..52676c7584 100644
--- a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
+++ b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e279253e-f355-4b92-a992-053cf86b94d6",
+    "id": "bundle--49afa55d-1db1-434e-b03f-6ef59bf3ea30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
index 2eed417be7..6dddf528dd 100644
--- a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
+++ b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67af19da-4efc-440c-a6df-ed6f2971a56d",
+    "id": "bundle--71d0e8da-9296-4ef7-81c9-4aad959d6d1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
index b6e3230884..0a21a6f28b 100644
--- a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
+++ b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14de9d5c-47f8-4ed4-a608-52ddec2bc605",
+    "id": "bundle--f8d0a2ce-c475-46bc-8d62-5bb69be9f749",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json b/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json
index 0fde273eeb..70951a72f2 100644
--- a/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json
+++ b/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7784405c-b6df-4018-b6c9-831036d9d6e0",
+    "id": "bundle--6976a399-7697-4493-9c9a-66489f611e92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
index cf7184f188..434f0675e1 100644
--- a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
+++ b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b819aa1-818a-4290-9e59-eb8a3396e318",
+    "id": "bundle--88cfb2f3-9092-43bd-a885-21410d24a9a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json b/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json
index 0a63122de3..ad9dc187da 100644
--- a/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json
+++ b/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--82fa6314-add6-401b-96f0-fa7a70e2377f",
+    "id": "bundle--5a4c1735-c663-4b6e-a53b-32020ede28a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
index f9c8e6a635..e5c743936c 100644
--- a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
+++ b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c1ea106-498e-463d-b43a-79c8410e3237",
+    "id": "bundle--c3306110-afc8-41ba-a46c-e05f3cae686b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json b/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json
index d911175aea..f0fe7b9a01 100644
--- a/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json
+++ b/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fa9e54c5-5e9f-4376-abea-4da84b2b5e2f",
+    "id": "bundle--a561630f-bab0-4d17-b487-c99851cd3b52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
index e9aec32c52..ea34f79faa 100644
--- a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
+++ b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53521150-ade1-45c1-83cb-df28bb7d8112",
+    "id": "bundle--38825380-2342-4389-bf5b-de1c9ea6b538",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
index af6796f91b..5e0b152413 100644
--- a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
+++ b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2fb168f2-77ad-4858-b291-c29b980e0ec2",
+    "id": "bundle--0e3cb9c6-a114-4148-835d-073c3987a2d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
index 6ac25dee07..e9fed53261 100644
--- a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
+++ b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb0dbe2b-e76d-4169-b19b-8681521b4234",
+    "id": "bundle--fb68dd26-7367-441e-91d4-0b02bd621d04",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json b/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json
index 9afded5d06..4e20419567 100644
--- a/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json
+++ b/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3d7600f-4587-4d4b-b5ff-13f87bedbcd0",
+    "id": "bundle--c79e2dbd-edef-489a-8861-467f33e1cea9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
index 6dc8502093..27e3c712dd 100644
--- a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
+++ b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af4d675e-42b2-49e4-8278-139726f378d3",
+    "id": "bundle--a7c1f134-c74b-41ca-8018-4fc69761ed82",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
index a13f553114..8bfde4d2da 100644
--- a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
+++ b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3adaf3b-c001-489d-a3d7-5cf53a5a894e",
+    "id": "bundle--c289fd2b-f0e4-452b-91b9-cfeb22d12902",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
index 6041d97475..90f46d3aa5 100644
--- a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
+++ b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f775bf89-7b5b-49ac-ba5d-a71f0f4ce448",
+    "id": "bundle--2c59584e-8a1f-4ae7-ab56-06ca0f75ba18",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
index d00eeb8dd4..b3f648486f 100644
--- a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
+++ b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ef2ba9c-9838-42a3-91c4-5d62764c851d",
+    "id": "bundle--0add1408-981d-411a-a7be-59c298bf10b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
index cce8746063..245884cd46 100644
--- a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
+++ b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71e3e687-3365-459b-ac1c-3362b360d0d9",
+    "id": "bundle--98b785fe-f7ed-4886-9161-14e146e65e49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
index 6f42be0e6a..6a4f1568f4 100644
--- a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
+++ b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--36557840-b590-40a3-8b34-7d2772762135",
+    "id": "bundle--898a3992-4899-464a-9f15-96b5b0715f03",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
index d057c7b707..3dd685fb68 100644
--- a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
+++ b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6a69eb5-21eb-43dc-94f4-da4667b64f78",
+    "id": "bundle--cbe31d03-ad6d-4a7b-bc64-e0b665477b87",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
index c2de171175..54fc93e8e7 100644
--- a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
+++ b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e85b262e-162d-43cc-95b8-494145fc6edb",
+    "id": "bundle--3119e49b-3e43-4f81-890a-e325a5ca1f4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json b/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
index 9c0c7f6a9d..5e03e891cb 100644
--- a/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
+++ b/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f91b48f0-bcd9-4fc8-8625-487f6d29e9be",
+    "id": "bundle--1285838e-49d6-412b-a08b-560db5b18dcf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
index 12ec4780c0..783587d3dd 100644
--- a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
+++ b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e2c793b0-a7c1-40e8-9076-6b0964a97f91",
+    "id": "bundle--1ba03aee-3990-4e86-a13b-6edd9abaa2e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
index 9fe0837482..40bf5feeb3 100644
--- a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
+++ b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b161dc8e-d92f-4a47-9a69-d3aa02480d7f",
+    "id": "bundle--246bc022-824a-46c9-be66-a0978b7dc973",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
index ad2d82079d..0d63bd9a84 100644
--- a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
+++ b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8181303d-5739-4744-97bc-aa7837240deb",
+    "id": "bundle--e6c73446-b9b5-4cd4-a080-dd2f9ff9de43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
index 56e9f90455..f386ade7e1 100644
--- a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
+++ b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61a1551d-4f88-429e-b5a5-d17282fad230",
+    "id": "bundle--f17eba8d-1e4e-4f64-a1d7-d6f06e906560",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
index 69f3ef7b20..6c9f3e9551 100644
--- a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
+++ b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f26eb2a-ae90-451a-af36-1dfeb36a9bf7",
+    "id": "bundle--6c0707c3-67f6-4a59-aafa-8fe7b398f44a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
index 4ed09eecc0..2b14996e2c 100644
--- a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
+++ b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34eee499-3687-4678-88b4-841c76fb4d27",
+    "id": "bundle--52e36440-0251-4574-ac23-0d1dd4079612",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
index e10bc7bec3..5525d778f2 100644
--- a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
+++ b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed61ba74-3517-4f1a-bfb5-7d04353cf1fa",
+    "id": "bundle--2a23efd3-7123-49ef-b1c3-b614802243ea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
index 48ec498cda..e3b8b86bdf 100644
--- a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
+++ b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a58253a8-e0be-46f4-88b2-6179a802510a",
+    "id": "bundle--14262ac0-83c0-42e1-916e-52ace8732382",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
index 4a6b02380d..584ad05a79 100644
--- a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
+++ b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f178bf92-f510-4fd9-88d7-d825db07f5cd",
+    "id": "bundle--711652e5-9bc2-4700-9dd3-66403c43e597",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
index 4fe4122ff1..eb77d5c0f4 100644
--- a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
+++ b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a895bba9-1f8e-4771-9c58-2360c15ea59b",
+    "id": "bundle--2fe3ef05-9924-4618-a908-964aa0cab30a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
index cf9c85f8a1..cd6b0baebc 100644
--- a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
+++ b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59a72c56-cb0e-46f9-bfe0-6bf672958ac4",
+    "id": "bundle--67f7f438-62bd-4daf-9276-7fddc5fa0508",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json b/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json
index 26a89150ab..e8bf622bc1 100644
--- a/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json
+++ b/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d50b1666-d5c0-4bcd-aeea-f5a2d9faf78c",
+    "id": "bundle--131b2744-2ed5-45f4-a92f-af4995d66b44",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json b/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json
index 7699ad7795..474f3f6c16 100644
--- a/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json
+++ b/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b0484ffc-fadf-4386-a28e-6f080a57ca41",
+    "id": "bundle--4a73ed9d-a7a7-4f51-83db-f4fb8ab981b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
index e3b52517b4..035ad78b87 100644
--- a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
+++ b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0289f5e2-46c5-4f3c-bb4f-4e823345a570",
+    "id": "bundle--ac4b88f8-2c5a-4012-9085-fa38f0880286",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
index 649a973863..ca76a26d7a 100644
--- a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
+++ b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1799848-87be-45a2-b35b-1d4bf0ffda67",
+    "id": "bundle--0268788a-a5f8-42e3-82a2-28aa6571af9f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
index 2edeee8a21..ef6e8770bc 100644
--- a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
+++ b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3fca097-bb97-4889-a0b5-f591e763c6eb",
+    "id": "bundle--84cd55c7-84f8-4f5d-88f7-e13afa27d5c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
index fa35593546..ea6094b479 100644
--- a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
+++ b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--92c1c4d4-6975-4d23-af8f-05e37f851e2a",
+    "id": "bundle--67779961-ea60-420a-9fad-f18cd4039b30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
index 25c3fd2b93..8d9e3115ca 100644
--- a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
+++ b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--469ae080-da16-4595-bc70-7a8e66191b27",
+    "id": "bundle--cf918f6b-14ad-4aef-9b3e-3ca49def2794",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json b/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json
index e4e1016d85..e20acd5975 100644
--- a/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json
+++ b/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--818a8c76-ec28-408b-8281-4f6f0a9e8262",
+    "id": "bundle--3fc7a397-fba8-4eec-9098-4aa2954d5d49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
index 8db1de25e3..1f53216faf 100644
--- a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
+++ b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--111dfc43-610d-4fb5-af40-a048410f7f03",
+    "id": "bundle--5a07ed10-44cb-4b3f-8b65-81946118065d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
index 82c8d12d7f..24d0a6cc57 100644
--- a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
+++ b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dbac207d-7a97-4f23-baf5-4b75ac2f77c0",
+    "id": "bundle--5e1092f2-8f27-41f9-990d-739388a42581",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
index 63db331ab1..0218b4e6ef 100644
--- a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
+++ b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4f559805-7a02-48e1-b0e5-f25746795721",
+    "id": "bundle--404001f3-4bcc-4aac-8b6c-dc8f9d8bd384",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
index 2ce28a9347..93d07b24e4 100644
--- a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
+++ b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--60b20569-1dfa-4957-a8f3-1d9ceab51823",
+    "id": "bundle--66375a6f-397b-496f-a124-a3014821f93f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
index 394b399ad9..05cec08b6e 100644
--- a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
+++ b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--205bb53f-f299-4695-9144-fca133a1b08f",
+    "id": "bundle--2303076a-6c9f-4feb-bd9c-67924c75c4d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
index 1f3fe93bbe..2a4891fed2 100644
--- a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
+++ b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f87bd435-e026-407a-bdb1-8b07a697d744",
+    "id": "bundle--95892dca-eb8e-437e-8590-68abdc1f24c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
index 28fe0ec3e1..7eac623a89 100644
--- a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
+++ b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5fd4e175-0789-4d38-a006-d119c8031f6e",
+    "id": "bundle--990ac177-d696-4581-b3d0-b6a69ed6ba7e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json b/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json
index a904ba041c..d27da81dc6 100644
--- a/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json
+++ b/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c6ec17c-3ce8-4e6d-94ec-de13b9182073",
+    "id": "bundle--f47da6fd-bf07-4be4-9f84-499f1cf1269d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
index 7cc4e0c01a..ff21c429ea 100644
--- a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
+++ b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fa0a048-4aca-45f0-ae31-586a4dcc4364",
+    "id": "bundle--a9852224-bf29-48c6-8d36-925901411c73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
index cf629781fe..e6b6bfad73 100644
--- a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
+++ b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d9555d3-c51f-4dae-82e5-456febe9bf21",
+    "id": "bundle--fe658079-9626-4d3f-a48e-40d08f4bd243",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
index d07ade430b..e8d1a1cb12 100644
--- a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
+++ b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73b26ad9-dbc0-4988-984b-2e378f7b5de5",
+    "id": "bundle--46900ea4-3ac4-4a9a-8c4e-8cd5becf195f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
index 1d744b8827..b6dab9b252 100644
--- a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
+++ b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c6fcdf9-d498-4016-bcf2-16c674f91f8f",
+    "id": "bundle--d1c3a25b-9ccb-4c46-8173-81329d895674",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
index 337931b205..b28a7b78a2 100644
--- a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
+++ b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb2b8d4f-1b0b-42ee-81e2-2b032df101ba",
+    "id": "bundle--076cbc1c-b0d2-4c9c-8933-fcd0813425da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
index 730458d16b..701b5d4ad6 100644
--- a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
+++ b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3fad7267-4c24-4464-949f-99f4a3a9f63c",
+    "id": "bundle--fb595a57-16b9-406a-9e02-1ff48f780cf3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
index 97da6d17ce..0564686523 100644
--- a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
+++ b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdab4fa1-e5f2-410e-b2c4-d811227d261b",
+    "id": "bundle--7adf2ea7-940e-4cd1-8079-75bc797c765c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
index 8a286a7d79..3fda97b2fa 100644
--- a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
+++ b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c05202e8-799e-455f-8c1f-7a5d4feed1ec",
+    "id": "bundle--e3f66434-e900-4f86-8dda-60916ed0dfb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json b/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json
index e93c84515a..cbf3d73c56 100644
--- a/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json
+++ b/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5449a61-4377-4170-a803-fe17398b7cc1",
+    "id": "bundle--d9868a97-9c50-4046-aac3-4d00169b9883",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json b/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json
index 144f9c84c3..a4f0193d58 100644
--- a/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json
+++ b/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34cc2473-f4aa-4001-95b8-f29275a08720",
+    "id": "bundle--3c5deda3-2a2c-4e1d-bb98-0d776270a86c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
index 93a6f307e7..c1a65e5ed5 100644
--- a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
+++ b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0802555b-d11f-4a83-914a-9a4a1e1a2614",
+    "id": "bundle--40e70bf0-d7c2-4449-8389-d48977209e43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
index d9be09d724..aea044096f 100644
--- a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
+++ b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--842ba0da-78a7-4a56-a3f5-a6e92b1f6298",
+    "id": "bundle--587913a1-4534-4bff-8249-2c43c0b9eb9a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
index 07c0611852..b9235a4248 100644
--- a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
+++ b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c597afa5-5050-4537-8bdc-632dc79ab0c5",
+    "id": "bundle--afa71c8e-434c-4f3a-9705-843f33221663",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
index c4c0d221f0..19b9c162ff 100644
--- a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
+++ b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63877e2d-b698-49fb-91da-1876db1925fe",
+    "id": "bundle--54d1569c-cb0f-40c7-b2e0-aea28d1af3f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
index 8faeccfa53..86f8e00e0a 100644
--- a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
+++ b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1c2fd7e9-55f0-4666-aaff-e39b33624d64",
+    "id": "bundle--aca36d1e-d468-4c39-8537-768341d88471",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
index 86fb26e292..ce6cb9e18b 100644
--- a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
+++ b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f01a4c5f-fa11-4b43-9d57-669926997b19",
+    "id": "bundle--b1824d1c-992b-4d28-9378-6cdefe2bd0a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
index aafecd303b..3cc087689c 100644
--- a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
+++ b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0bce90a-9e80-4501-a362-b42caaae299c",
+    "id": "bundle--8d7eea05-7223-4c47-8462-da7cbb841e2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
index be2ecbd1de..3774d58438 100644
--- a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
+++ b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e47cb2ea-af26-4004-8137-357661478b1d",
+    "id": "bundle--0ef370ab-644d-4fe8-a09b-f878d8b773ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json b/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json
index 3ae64f2598..52e4b5fc15 100644
--- a/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json
+++ b/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--acd4869f-7d5e-4af1-b58b-e86791b7bfbf",
+    "id": "bundle--b2e7ffab-1fac-451e-bb85-20e1b32d21da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json b/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json
index eaf96085f6..1a098d923b 100644
--- a/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json
+++ b/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1de7dffc-a2bf-4423-a16f-25a855684ee6",
+    "id": "bundle--e366fe0a-66ff-4741-a83a-992459fd9a69",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
index d7f94635a5..caa0fd42f1 100644
--- a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
+++ b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de1ed5e8-11d1-4d1d-8c2e-8fcef5808280",
+    "id": "bundle--b9d12325-e8e6-4b7a-a6c6-9c7f059b1849",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json b/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json
index ac48b1abb4..03cc5767eb 100644
--- a/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json
+++ b/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d641794-3fac-45fb-87d7-c44c9d90a7c5",
+    "id": "bundle--073c5d5b-c059-4309-9c96-82c360d23db6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
index 344d21deb8..59e4d42ab7 100644
--- a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
+++ b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b5af6964-e6e8-49bc-9d0e-71c5ea90a899",
+    "id": "bundle--a175d3f6-631c-452b-9caf-ea065d4d788d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
index 477f324762..71336f6360 100644
--- a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
+++ b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--161f5770-933d-453a-9fc2-a0c3cdfed2e9",
+    "id": "bundle--12ee7683-baa7-4e74-9316-bc27cde56e77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
index e2c604b008..c19d14f23d 100644
--- a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
+++ b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--86cdbf30-cbf2-431a-80be-bcdbb4f2fe08",
+    "id": "bundle--184273f7-a577-47bf-856e-1a10797e4767",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json b/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json
index e44979ba20..e120de5185 100644
--- a/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json
+++ b/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b01115b8-7e93-4c54-add0-eaf70f59f14b",
+    "id": "bundle--85527ae0-dd8f-4e88-9a64-9a7ed3ab898f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
index d19da107cc..bca8e7eba7 100644
--- a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
+++ b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53195004-5221-4650-8b57-33d3ed9e154b",
+    "id": "bundle--987187b4-c256-4ab9-a6fb-e89cadb4dd50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
index e9f1e410a0..0fb5d7f6dc 100644
--- a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
+++ b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25d8ea7f-6c84-46a6-a746-948d261dae7a",
+    "id": "bundle--0b5f8944-660f-461d-a831-48b3ec6a927a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
index 97164bbe86..6321ae032a 100644
--- a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
+++ b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--89fddde3-41af-44c9-924a-0668a7da4af2",
+    "id": "bundle--3f2d05eb-7006-4ce1-aaa7-7b95108e8c71",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json b/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json
index 27f7e6f257..5a068f627d 100644
--- a/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json
+++ b/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--47182d34-690e-45a6-be5d-21e6bb0ac556",
+    "id": "bundle--6637c13c-9197-4115-8e4a-f42f423e7640",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
index 1f9e65af5f..8308832b37 100644
--- a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
+++ b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2103323-c887-442b-a5a8-f4c9f2d930c7",
+    "id": "bundle--2726f7ca-1d7a-498e-a4da-e961fa0b49a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json b/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json
index 7cc8ebe1d9..b1cfad994c 100644
--- a/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json
+++ b/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a072618-37e4-48a7-bb04-6cdc11ec61d3",
+    "id": "bundle--6891c39f-6d55-4fe5-8cfe-2c5c8d3f49b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
index 0a91bcc975..d25a6fd852 100644
--- a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
+++ b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c66b85c3-a547-482e-82e6-0a789b03c1df",
+    "id": "bundle--8826f900-f6bf-41b9-878a-a79894c56ad2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json b/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json
index 2c30e20569..0dcc313198 100644
--- a/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json
+++ b/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7224708c-6a63-4434-9d2f-97eb316fba16",
+    "id": "bundle--c2731d47-ce5d-40fb-bf47-fdf562c96442",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
index 669090f37a..406d667ddb 100644
--- a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
+++ b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ad46e6f-50ce-4d83-9c6e-0df1e90b86aa",
+    "id": "bundle--1820ca0a-a0d1-4afb-ad8a-4db8a95ea930",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json b/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json
index a586cb949c..4d4e329cdc 100644
--- a/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json
+++ b/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f95205bc-8601-4c77-884c-4976440dd67b",
+    "id": "bundle--d7d73c54-33f5-40fd-854b-9f6ec2254144",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
index 2b03f1abb3..0d0aa72406 100644
--- a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
+++ b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e6f0c123-871b-40bf-b5a7-1ac690199deb",
+    "id": "bundle--08400bb0-d160-477a-b5b8-92ad3205cf4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
index 442706e7c5..0801733fed 100644
--- a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
+++ b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b860f6bc-e21e-4c23-a71e-50c8b8fad100",
+    "id": "bundle--b7e3bef1-34ff-4b81-8256-bdca3134b9a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
index be9d5ec19f..8f2b29f0b7 100644
--- a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
+++ b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea196ad4-a1f9-44a1-a065-1e8441567531",
+    "id": "bundle--56557cde-6602-46e0-a50b-103549ba251a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
index 9658ab2cc9..8b459f0c24 100644
--- a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
+++ b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--36bd85b9-6c6c-49fc-9445-74da05fbd400",
+    "id": "bundle--2197a472-b7d9-4873-8ed0-dbc2020f9e90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json b/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json
index c307e86726..529f9c7e99 100644
--- a/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json
+++ b/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9b6bb86-7475-465d-b915-07200937fa44",
+    "id": "bundle--faa0bb62-67ee-45f4-96f7-8f57839d4a93",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
index 83d77c3824..fe8cf0ec79 100644
--- a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
+++ b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--392d4aaa-eacc-4d78-b2c8-a61bcfdd262e",
+    "id": "bundle--7cdf0361-ce5a-448d-b154-262f7f7882bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
index e3d4d4bdbc..109142819b 100644
--- a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
+++ b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c9f7d3b5-bec7-4402-b735-6baa8308d30a",
+    "id": "bundle--dddfb1f7-4d70-4a59-85d9-f8325ba92874",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
index b0e1aa1195..f963229823 100644
--- a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
+++ b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c44123bb-6cdb-43bd-9f09-fa657d196ade",
+    "id": "bundle--5066ca51-d26f-4876-ac40-7fafad9158d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
index 230c994f4c..0084a52d6d 100644
--- a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
+++ b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5c5a3fc-2d32-48a1-bb37-0f26254f8a17",
+    "id": "bundle--7b353142-e607-422f-bb99-548e9e9e4e90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
index a6df63f548..259111e202 100644
--- a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
+++ b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93d30e56-67fb-47e8-8692-f7c3208cc5d3",
+    "id": "bundle--de801072-b71f-4449-8778-0eb502e916e0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
index b65b37d24f..d5bd8dff51 100644
--- a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
+++ b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd33fa44-4ae9-461a-9fff-88f34a7f1e53",
+    "id": "bundle--82bb787f-11c8-4017-a8b6-67e160b39c48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
index ab308e90bb..e789aa1a0a 100644
--- a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
+++ b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f25eeae4-68b1-44ea-ae46-a9f77ffaa216",
+    "id": "bundle--6d447595-4f2c-408b-8043-eafbc7f834e8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
index 8cdb85b126..ac89d1cf30 100644
--- a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
+++ b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dfcc1a6e-ff15-435c-a19e-785063fc092b",
+    "id": "bundle--76f87d51-2914-47be-af08-25fc0cbbf599",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
index 9ecd4a10cb..d232d829cd 100644
--- a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
+++ b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e9df3c90-ee5b-40ef-9e81-e65b9189f1b5",
+    "id": "bundle--5929ca8b-b32a-4e09-93cb-60a389560933",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
index e619815762..593c171089 100644
--- a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
+++ b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--681b37b4-bdde-4457-8ac0-f8af4467ed7b",
+    "id": "bundle--42d42c32-133c-49b9-a5e0-7b90d8c92683",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
index 1e32522857..7da7f5e821 100644
--- a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
+++ b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a422c21-3d0d-40a0-a39e-25104da14837",
+    "id": "bundle--cef2e911-eda8-4611-a775-5a36ec96df83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
index ff451d8f8b..b729801418 100644
--- a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
+++ b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c799ab4-871f-4dec-a7bb-d72e5187a2c2",
+    "id": "bundle--182ccfe0-80d7-43ed-b469-8145073d60df",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
index 5eff76eb0c..5337bbc7d2 100644
--- a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
+++ b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f5fddaf-ae13-445d-9219-80897ad7d5e7",
+    "id": "bundle--1ed69e03-70fa-4bd8-bb61-527555272330",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
index 6884bf915b..89027282a4 100644
--- a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
+++ b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a334484-0854-422f-947e-6ca1c2ef06bb",
+    "id": "bundle--d8028f8e-3c71-4e74-8d07-a565a5289ee9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
index a022ea90e8..50a10a2eb6 100644
--- a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
+++ b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a72dc680-5cb5-42ec-a0a0-0cda67911863",
+    "id": "bundle--d97a80d0-7cc9-4c11-ab8f-6d972b3201c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
index 69305ff0cf..f0ed04e60f 100644
--- a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
+++ b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8a5dcb1-14d7-446d-aed7-b7230789147b",
+    "id": "bundle--67e12f08-c7b1-49aa-9b27-dbdc0e740301",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
index 056ea0b6fc..9cdc9d1598 100644
--- a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
+++ b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b618b5d9-599d-4f6c-aee6-50cf5ef829ad",
+    "id": "bundle--fdc02573-d61a-4722-b238-a7b05d191f59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
index 0fffdf227d..9bc75c1782 100644
--- a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
+++ b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a9378dfd-5476-4348-a54b-6b58589338ff",
+    "id": "bundle--81ea2135-6b04-4e16-87f8-782e2d686338",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
index 8e73bd0fd1..ff555bd420 100644
--- a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
+++ b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34e7bb43-9f53-478d-bc6c-8a31e93e3d8c",
+    "id": "bundle--65b44237-47bc-4e25-bb46-82ac219324f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
index e88d524ce3..bfef7de406 100644
--- a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
+++ b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef7acd9f-d268-4c9b-822e-a6c74a598a20",
+    "id": "bundle--d6589ac0-d26e-403d-b6b2-2c30694cbcdc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
index 5a17e84fcc..610b62d387 100644
--- a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
+++ b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd91ad5c-12f4-45e2-83ba-f6c2286788f4",
+    "id": "bundle--667a65b7-e4fb-4522-a2ed-10ebbb4ea0e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
index 5d172a684d..8ccae39d1a 100644
--- a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
+++ b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65c8aaf2-39ec-4d5d-a1e9-c948f4a9b504",
+    "id": "bundle--d2536403-d8fa-4b06-a8fa-dfaa493ba0fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json b/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
index d63e6de8f9..3d8b764d33 100644
--- a/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
+++ b/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90fe8844-69fd-4c3a-b69b-4fd71c4cea37",
+    "id": "bundle--5ba6d9d2-b3c9-4a6f-9368-d66c5e0ada92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json b/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
index 8a0134aa0f..0e3b82176e 100644
--- a/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
+++ b/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec8fb406-cdc0-4e08-9e8e-60c47c602161",
+    "id": "bundle--771481a9-ca7d-4f8a-b10a-6c096424bbbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
index 39134dac9f..3fa6e9d43d 100644
--- a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
+++ b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5da2512f-0157-4c94-aec9-2dd8d7f6abe2",
+    "id": "bundle--ef1349dd-f95f-476d-a4cf-3a844302920f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json b/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
index 2b9134345b..e5b6e184a2 100644
--- a/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
+++ b/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1d557844-d8b9-4107-b7bd-db4609bf278d",
+    "id": "bundle--cc91fbfe-ad14-47cd-85aa-0eb77ddd0b7c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
index 2a1344110f..fe4f520b50 100644
--- a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
+++ b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1486f46f-babe-4fba-83f2-9ef93878bf94",
+    "id": "bundle--0d41a7dc-8521-4e71-a4b9-c7a3224cbe65",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json b/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
index 78f5e9b5f3..3c12e5fcc3 100644
--- a/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
+++ b/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6794a72f-d271-42ac-9079-f2c2788e1c7b",
+    "id": "bundle--595a349a-090c-4f2b-820d-7f7aae274cd1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
index 31a2626b69..b4879c357e 100644
--- a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
+++ b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dde5a8b5-ba4f-4318-8751-4461d8b57c8a",
+    "id": "bundle--2fdd09a6-6295-4dbb-b1d6-1d6612cdbd41",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
index a45c4b232b..0166cee7f9 100644
--- a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
+++ b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--791d7d19-82e3-457b-84de-7417c00ead6f",
+    "id": "bundle--4948de9e-bbb9-48e8-9f76-a17cc513738d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
index daf89f5aa2..3862b8aa53 100644
--- a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
+++ b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8febd2b-c63c-433a-a0cc-9b6ae216ba03",
+    "id": "bundle--4b3e2654-7086-43ac-93fe-ba7f00ce7491",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
index 1aee29b01d..88e9347355 100644
--- a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
+++ b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--15a8721d-71f5-4d40-8f1b-2d9ad92338e4",
+    "id": "bundle--f4355abb-3fe4-41f3-8913-4397007fd3bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
index a35df08b56..1204f9b8a8 100644
--- a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
+++ b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2e5c9f4-69c7-4f6c-bcb3-09c978b06db9",
+    "id": "bundle--3ff725df-e2c5-49c6-8a10-41913251db81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
index 8c7ee0dd8b..e2f31e7632 100644
--- a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
+++ b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e507d9c-5194-405e-a12c-001cd8512ebb",
+    "id": "bundle--fd7af1bd-b72c-45c1-9ed0-bd05fa026617",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
index 68b8842243..c501a40883 100644
--- a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
+++ b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--26cd54d1-8dda-47f5-93be-f02e38cda347",
+    "id": "bundle--2889ccd6-37e4-48f6-a095-e4c90f34796a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json b/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
index ccb5f68c12..8df71740ed 100644
--- a/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
+++ b/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67c57995-62d0-4e6e-97ec-349c466532a6",
+    "id": "bundle--b4036ffc-b634-4f20-b5c5-006f48456148",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
index c998ac19f2..ba88fa0ff0 100644
--- a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
+++ b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5b1c892-51b2-4340-ad1c-c9032f42e172",
+    "id": "bundle--cce38e4d-d3ee-45df-aefd-30245835ccf2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
index 4a374f33c5..883cff4544 100644
--- a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
+++ b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--908278c1-6921-4a17-9baa-789e4f37661b",
+    "id": "bundle--7a85d0c4-5d4e-406d-92fc-5ab02a385dcb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
index 195835e528..02b0b4f98a 100644
--- a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
+++ b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--536d2761-4806-4583-a527-d24874f69dd0",
+    "id": "bundle--8592f628-e887-45f8-bee0-e971d8ccf4c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
index 6cf282131b..f496ca0065 100644
--- a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
+++ b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--437a3491-e411-4d9b-a66e-6365830b44ca",
+    "id": "bundle--a57416af-1c7c-4f6c-aadf-54caf5b139d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json b/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
index ebefaee491..d1f76da7b8 100644
--- a/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
+++ b/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--179f5ace-f120-4c91-b086-6e39770db653",
+    "id": "bundle--8978ef50-9a97-40bc-b598-dc6fa590a4d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json b/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
index c7c48ad3c9..aa38be5bcb 100644
--- a/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
+++ b/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2299dd94-3521-4be5-87c1-93a4a3ec2ef3",
+    "id": "bundle--85deb255-3403-482d-b17d-c9692e43d056",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
index 8a1a317fd1..abba9719a4 100644
--- a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
+++ b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3793de28-cc88-40d1-a915-9fd25c7b5771",
+    "id": "bundle--8a81abc8-c619-44b2-9233-583fd4362b7c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
index f41f10767f..7237d2adf7 100644
--- a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
+++ b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--49cff415-9abb-4dc7-ab8f-38110bead323",
+    "id": "bundle--d0448767-3876-41d6-bed9-a323eaad8aa0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
index b36c835e90..9933250faa 100644
--- a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
+++ b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8a08b49-ec70-4894-8a97-f0fe0b6ea376",
+    "id": "bundle--d770a126-a2b9-4bf3-8acd-b0c31c15fa59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json b/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
index fc28e9f7f7..a8c5f0fba1 100644
--- a/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
+++ b/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3769b8ba-78a7-47f7-9b93-a9cd6729d079",
+    "id": "bundle--9e514cb6-8434-4d43-9357-30c8a68163f6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
index d245d2a069..757618ddd3 100644
--- a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
+++ b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d20fde06-ca34-4021-929b-e6584d8988dd",
+    "id": "bundle--3c664f58-29c4-424a-b54d-26539c136c1e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
index 1c40d7174e..70bbe00f02 100644
--- a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
+++ b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--769e887e-07b6-45bb-bc9a-8805945e604f",
+    "id": "bundle--e7b669f9-b707-4585-b917-b60bf886cc85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
index a8b27de879..bd058c8852 100644
--- a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
+++ b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a719d1c-94a1-4eb5-96f8-ec83b660ea6d",
+    "id": "bundle--96b1adad-7b45-493d-8856-5e4bce819ca7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json b/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
index 654669f668..837b044ee1 100644
--- a/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
+++ b/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--533ff3cc-1e7d-4026-a8e4-8806b14bf8bd",
+    "id": "bundle--d53727bd-9a36-48d4-89f0-d02ed4252ced",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json b/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
index 340377e254..2c76a67e6c 100644
--- a/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
+++ b/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6da5e725-e783-44e5-bcf1-3db45981dace",
+    "id": "bundle--f4343702-5b7d-4a1f-ab62-7ae81dfc3f50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
index 20ac11f8d2..bc00f3e798 100644
--- a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
+++ b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dde4856a-acc8-45f5-9606-3d6d5b2d5a68",
+    "id": "bundle--3c92d7d6-6ada-413a-906f-861445727d7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
index 800088a43f..51aafb29c5 100644
--- a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
+++ b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b391538-2bc0-4184-869d-90297b060cc8",
+    "id": "bundle--ce3dd7c8-7558-456f-addb-f781e60868c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
index 2db985f25b..f7e7620235 100644
--- a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
+++ b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e44857bd-58ac-40ef-ac30-246bb435e607",
+    "id": "bundle--05f66308-7806-4e5b-b880-a61d478610f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
index 871174e77c..0d17061c8d 100644
--- a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
+++ b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a338d59d-db8d-40a6-a9a6-e1e14d2abf70",
+    "id": "bundle--10b74d3f-81c0-41f8-8fa2-7e66d7780143",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json b/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
index 2654a599fa..8ef2c24d5f 100644
--- a/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
+++ b/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ceab1eeb-198f-4091-a448-49775d234080",
+    "id": "bundle--0de496df-4b64-4b15-8c39-f175f70c44f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
index ca5772425b..e521f60ed0 100644
--- a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
+++ b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba2382dd-223d-43d5-8c99-fd78a82d0ff2",
+    "id": "bundle--1d4141ac-2f3b-483e-9754-6033ac668cc4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
index 21deb9f8fa..d0b6de8789 100644
--- a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
+++ b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--079862ce-8208-4ab4-920a-ca6d91e7a0fc",
+    "id": "bundle--d1cc90a4-1ebf-4b41-8bf7-048bc189be46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
index ca99ea1722..ff96985c2d 100644
--- a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
+++ b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b59ebb5-c8d6-4fb0-abf1-a45374d7dd54",
+    "id": "bundle--fdab2c47-13c8-48a4-859d-6bda196e2f77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
index a2cc51ddf5..deb389e687 100644
--- a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
+++ b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0de2479-95d5-4f93-bbc7-dee714d279d2",
+    "id": "bundle--14a47d2b-b8ad-4509-9aef-b061fc66737d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json b/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
index eecb88b735..6ac0b7d297 100644
--- a/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
+++ b/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7dd67e2-f37a-42ca-987b-e1f08d4a0c46",
+    "id": "bundle--cf4566f9-d282-4d02-8f9b-f77dd5da048e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json b/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
index a2b01858ef..078ac591cc 100644
--- a/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
+++ b/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37cd3816-4943-4dac-aa68-aaa451995074",
+    "id": "bundle--9f5fbafd-b0b1-4f7f-bbdd-0c498b2d9521",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json b/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
index 657c3b73b0..23cbe0e387 100644
--- a/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
+++ b/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc2f7671-15d7-49b1-a102-25990efddd1c",
+    "id": "bundle--bda0801e-2d38-417d-b1ca-60d72c48f03b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
index b16da17c47..9ae93241f4 100644
--- a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
+++ b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70cc7cc8-8e1c-44ef-914e-448240c729da",
+    "id": "bundle--a5b5e171-7e45-4887-8f44-789c938b8487",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
index 0341e081a2..d7983cebd5 100644
--- a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
+++ b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8fd463d4-c09e-4506-829e-0541875f0d95",
+    "id": "bundle--15229a2c-2958-4616-89fd-c33d02bfae62",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
index c2f5431274..d648b21718 100644
--- a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
+++ b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71434a68-279f-4d1a-b221-77a2f1f327cd",
+    "id": "bundle--f9ed287e-1590-43f2-860a-022845daab65",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json b/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
index 741f022afd..c1a7fa5336 100644
--- a/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
+++ b/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eee46aa7-b58f-40d5-a6fc-9bf5b2f7c4e3",
+    "id": "bundle--d1db719a-f0fb-4774-b841-9b5669c66833",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
index 0e9a1876fe..9e2e14dd86 100644
--- a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
+++ b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5a7b0cf-f380-4f4e-87a5-2c2820791f9a",
+    "id": "bundle--974d4cc6-84ad-43fb-9879-93ebf85518bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
index b60ff92efd..cf5d0ca7c2 100644
--- a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
+++ b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f98a6aa1-2f10-4d2a-823a-bd2b77c0a516",
+    "id": "bundle--9115dcee-be08-4682-ac24-9168b5ec9f83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
index 43518dcae8..6f4b978392 100644
--- a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
+++ b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fbb8712b-a33c-44e7-b24a-e01135788272",
+    "id": "bundle--ae5aa468-d696-46f7-9160-7d9b3387dfb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
index ad4334d8d3..e83625b890 100644
--- a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
+++ b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af3c5d89-bf48-469c-8024-67a7c029a5ac",
+    "id": "bundle--98c7323b-08ee-4e09-9fee-4f42b1084270",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
index cd82b5b518..5de98c3d6d 100644
--- a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
+++ b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5816f8f7-bafe-4c35-8615-6da619b3c6ee",
+    "id": "bundle--e9a6cb27-3daa-4af9-b115-2afbfb7f5c40",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
index 89bbd11422..968562a37c 100644
--- a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
+++ b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0bcee54-6746-4ca1-971e-414fcf13a2fe",
+    "id": "bundle--c0f5bcd7-9294-4ab4-8408-bfcfa27ec33b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
index fc0bae358e..4e85cdd75a 100644
--- a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
+++ b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--541bc5b5-87bc-4b93-99ac-c40b2fcde3e9",
+    "id": "bundle--6d45fa5c-cc2f-4a8f-9a79-a1bec9b3d3f6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
index e006a2fd7a..4fd87159df 100644
--- a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
+++ b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe56231c-7bd6-4218-b9a4-f054685ffe2c",
+    "id": "bundle--8563e0fa-bbf7-4dcf-a299-217cb877fde5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
index 348ea5bdd2..10f2c95276 100644
--- a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
+++ b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2458a79-9f0b-4455-9a28-71de2deb0818",
+    "id": "bundle--7d13c6c5-5047-4910-80ca-ec8cfd58f0b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json b/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
index fb292b5da9..b904aa797e 100644
--- a/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
+++ b/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5908810-1178-4ccc-817a-6fc83a908149",
+    "id": "bundle--6309fb7f-7b5c-47bc-8272-1a9c41d9f1b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
index 696627e70b..1ed8a82daf 100644
--- a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
+++ b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7908950a-fc08-49f4-a28d-a222b87629db",
+    "id": "bundle--efa55281-fa65-4233-af31-eba16c2d90a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json b/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
index b854c7bb96..50e1e6dbc5 100644
--- a/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
+++ b/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f64088d5-a836-4055-ad5c-84a541520615",
+    "id": "bundle--cb8be76f-1d23-4604-a6e2-d46199d33353",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
index 80526edfb0..22e49c7f57 100644
--- a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
+++ b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--383bab27-1927-4827-bc1b-607006923df4",
+    "id": "bundle--b208c384-17a7-44bf-b3d1-2daa0a67b2c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
index b4c79f505d..f21b020931 100644
--- a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
+++ b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4041858e-b8d1-4c5c-b8a0-3e94c81522b9",
+    "id": "bundle--b8daa543-dd34-458a-8d00-616a43b4b6fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
index d2a56abb72..d898e911b6 100644
--- a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
+++ b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b7df684-4c93-478a-96c9-43f28a23a43f",
+    "id": "bundle--63f5594d-df7b-4c77-ae90-335bb5a20455",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
index c8abe28a2f..130c26b829 100644
--- a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
+++ b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--83f2673a-d72d-420f-a730-d71b84027b13",
+    "id": "bundle--01585c68-e2ef-4570-a07d-a0128b766526",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
index ec49046fe8..5499ea8503 100644
--- a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
+++ b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a21ee51-2ca1-420e-9e50-90b43a73e8c5",
+    "id": "bundle--4499d8f6-d66a-4e07-a165-533f7f602ff6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json b/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
index 12b9503b66..fe5d6c8d79 100644
--- a/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
+++ b/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5927f89a-be6e-4855-b936-d09c6f8870e3",
+    "id": "bundle--81751d46-a30a-4a81-980c-908e3290e238",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
index 8b15cdd8a0..4db776f77c 100644
--- a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
+++ b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1e17118e-1903-4357-89e4-5cefca9f6faa",
+    "id": "bundle--8016c0a8-d510-42e7-a59b-114cae318e86",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
index 20c0d9c872..cf8ea7f213 100644
--- a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
+++ b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ecdadaa0-291f-4cb8-a175-5d097ab98da4",
+    "id": "bundle--f288fd92-a7b0-448b-9a08-79958739801d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
index 9bf8ae266c..96d29d14bb 100644
--- a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
+++ b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5588138-58bd-4e9c-94e9-e52aa21d6198",
+    "id": "bundle--2374fcb9-a67f-4337-b9ee-63e6d0b6c2f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
index 4a9daa42f8..21bdfe3966 100644
--- a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
+++ b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9866285b-c9f9-4d8d-89c3-3f92d4caa9af",
+    "id": "bundle--5f67247b-0758-431b-8b81-b588eeaa20ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
index ed2e081b57..87e295ab1b 100644
--- a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
+++ b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1adf5433-698f-4938-938d-72ef56d214d8",
+    "id": "bundle--63b059b0-e369-49a4-b6b5-b1ae22296921",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
index 595faa0015..e552363428 100644
--- a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
+++ b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e0c664e3-0767-4321-aefa-c50a0e2d0596",
+    "id": "bundle--34b6435d-249c-4c39-b7b8-f4da6dab6c77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
index ed7b1c1203..84409bd916 100644
--- a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
+++ b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ecd0d16-ddc0-41fd-b012-290ce9a97bf3",
+    "id": "bundle--cb0ad874-f4e3-4161-b111-cc2f5b3ba950",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json b/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
index a104a3793c..6aa8e1506a 100644
--- a/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
+++ b/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8064042f-5b26-423b-b4e7-3c731fa49a3e",
+    "id": "bundle--cb12af39-00ab-4dd3-9d32-5e94826b6ff8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
index 18e56a8df4..5e3bb73bfd 100644
--- a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
+++ b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5ae78f8-d346-48cb-b6e3-744d30dfab49",
+    "id": "bundle--3d39cbd6-4a86-4428-b2de-08cad817a107",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
index 743422fb6c..c82c4b0c09 100644
--- a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
+++ b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dc48772c-aa07-46a8-a58f-0e224c0d89d3",
+    "id": "bundle--13481284-d961-4a5a-801b-97d76794a4be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
index 6957c02343..f94994c411 100644
--- a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
+++ b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39352c79-3c63-4a9b-87dc-1ec7256511ec",
+    "id": "bundle--038d862b-1441-4c43-ad09-d6c9eec97e1b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
index 771551e65a..eb91ab2c75 100644
--- a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
+++ b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f45ab867-5fd3-4533-aeb5-5846c31b07a4",
+    "id": "bundle--f24384df-8e44-4404-9871-1f959e4f98bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
index 920a6105c8..2a4a8432c8 100644
--- a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
+++ b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8d035e86-5806-4e74-89e7-4dd71547ff6b",
+    "id": "bundle--6cae59a4-3edc-4aad-83dd-4f8c31b908e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json b/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
index 6f6bc9d4ca..446939b073 100644
--- a/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
+++ b/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1beac82b-9564-4aec-9cd0-49db6b255573",
+    "id": "bundle--65ae9316-0846-46d9-99b1-ed9ddadb7912",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json b/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
index 73a88eca34..c0e9d98ec9 100644
--- a/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
+++ b/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aeee52d3-07e2-494a-a991-274f406c7775",
+    "id": "bundle--d79c8f60-9227-455a-8be5-b03895c63521",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json b/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
index 000e71f705..6167b21231 100644
--- a/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
+++ b/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d96ca43-3b91-4138-aa80-c0fe9bbd0abd",
+    "id": "bundle--f1e1fb3d-fed6-4e08-96a9-a123766619c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
index 4c919adbaf..a8392eccb4 100644
--- a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
+++ b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--50d0c088-7da0-44a4-b01b-e69bfe561666",
+    "id": "bundle--b7631850-8f54-4840-bada-e421091567a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
index 616747c327..d601ca314d 100644
--- a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
+++ b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--199cb04c-c36a-4b11-9b5e-c78b67f9b4f0",
+    "id": "bundle--4d85b28d-6cb1-41a5-9374-63b923e4aa69",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json b/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
index 7ccbd733ac..0ace9717c8 100644
--- a/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
+++ b/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c7bb290d-e1f9-4f33-a115-f88e1f0dff59",
+    "id": "bundle--68dcc615-3a70-4b26-86da-5362867d01db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
index a9eb47c430..a11d464c41 100644
--- a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
+++ b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--413607de-76ed-4c69-83bd-bbc9aabbe30d",
+    "id": "bundle--4326a447-233f-4622-aebc-796ef14af419",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
index 383a3e2435..4dd8348489 100644
--- a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
+++ b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c6cf7e30-a43e-4995-819a-900ccc99e146",
+    "id": "bundle--6c450ad3-f979-4b63-b65a-676ff665f2a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json b/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
index 742a1f4899..0a0e9bcf3a 100644
--- a/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
+++ b/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e046a7a-6d49-4ad3-9bed-d994db7b2777",
+    "id": "bundle--6877093d-0738-4a33-aa3e-a9d094321dfa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
index 4535fa44f9..77931f9070 100644
--- a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
+++ b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dc68df8f-252e-4cc1-8a75-5864e7166ea7",
+    "id": "bundle--98cd1cb4-0561-4dc3-a949-d79909ef8f75",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
index 699cd32144..2f21d8482d 100644
--- a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
+++ b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bfc85b71-3d1e-4fdb-a674-0cf5d1bfdb1d",
+    "id": "bundle--47f655c3-8e70-443e-ac57-a8476b41ce21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
index 9ee133b66e..597444eb58 100644
--- a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
+++ b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--788ba02b-aeb1-4e83-84fc-54d092d840ef",
+    "id": "bundle--427e5db7-de4d-49cf-bf46-e494c3d07468",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
index a345e8d753..0a9640fe2d 100644
--- a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
+++ b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9e038d7-ae5b-4df8-b935-d91ae02acd13",
+    "id": "bundle--2410f5af-821c-4966-b2c8-6075cc670497",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
index 37b6b2977a..bddaa79fd0 100644
--- a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
+++ b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b210978-cec7-4c0b-b19d-675caee6b448",
+    "id": "bundle--a3f6b71b-920d-4c88-8484-023fa4a8007d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json b/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
index 6c9faaa735..8619d427e8 100644
--- a/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
+++ b/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c7de7b9-ac81-4299-890d-80156222c864",
+    "id": "bundle--54447ca1-7b48-42d9-a582-085ae7f60f64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
index 09723d2a35..0a1c0f5cbc 100644
--- a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
+++ b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3864398-8f10-4d80-887e-42fb1dd41602",
+    "id": "bundle--c535e86a-c45a-42bf-970b-ed4677c4bdfa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
index fdfabc8bb5..1a2fc604db 100644
--- a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
+++ b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1fd9eee-b65f-4ee2-93d8-d8c62727824d",
+    "id": "bundle--e4a16777-3ee9-4f10-bbbb-9126cf31b7c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
index ffd3553ad5..6b14aa7df7 100644
--- a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
+++ b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97934aa6-920d-43e3-8ea5-a4c9297afe1c",
+    "id": "bundle--fa5082f4-e613-46e7-b518-ca9e0b6e152a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
index 7a142dd104..64baf46036 100644
--- a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
+++ b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--894dd16c-53ee-48d7-bb3e-007dfb3b67f0",
+    "id": "bundle--f1b9731d-b06c-44a7-be9a-23231e0b2f67",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
index d50a2e1901..ebdaba6517 100644
--- a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
+++ b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2de52106-a709-4c6f-8f1f-d9b8a8620c37",
+    "id": "bundle--a2193b07-fbc9-4d53-ad5c-4f7432615dd3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
index ead180dde5..9bc8bbabc9 100644
--- a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
+++ b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdd95d41-1db7-475c-a1ad-ea241df6d773",
+    "id": "bundle--b98637ee-ccc3-4802-bca5-8bc3d94b3c6f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
index 9c4d7b8ec2..4891ee304b 100644
--- a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
+++ b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc079415-815a-4aff-988d-961d60661691",
+    "id": "bundle--be6f5162-55d9-4d3b-aa4b-3f5a07f56a96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
index cdac5d4532..25d279e6a9 100644
--- a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
+++ b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0efd0a1f-8ab5-4687-95a3-822c82f6c8e3",
+    "id": "bundle--bc818c2f-5196-44b4-b1af-28fad93b7cb2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
index c87cf861c5..35db1b0435 100644
--- a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
+++ b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a88cc06-eb00-45fa-8299-41a657007fb9",
+    "id": "bundle--a8845bdc-5036-4d10-8b5a-72ddb6ff2a82",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json b/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json
index 7f6691eb6d..6df88ed854 100644
--- a/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json
+++ b/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ef02019-b038-4705-b964-45da8a825e4a",
+    "id": "bundle--1bcbd758-8c79-477d-a019-21a4f45e5004",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json b/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
index 2da11b695b..92368b0ff4 100644
--- a/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
+++ b/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d2fa162-f35c-4354-8050-3302acdd3c76",
+    "id": "bundle--5937a49f-a631-4880-9f41-75c504693fb0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
index 5188f161a6..aeefebc09e 100644
--- a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
+++ b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d9f88be-6807-4bb0-9d51-463f038ad838",
+    "id": "bundle--babe5d71-de7b-4e25-b59e-8534f9874545",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
index dbd5a6b7d9..4f3d14d843 100644
--- a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
+++ b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38fc631a-7f33-4329-ab64-4a626518bb65",
+    "id": "bundle--1f38321f-4fbc-400d-8339-0599d575936e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
index c4dda31830..c1a568fd21 100644
--- a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
+++ b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f99c9139-b100-467e-aea3-680e3fb8ab93",
+    "id": "bundle--93ed365b-6c1d-48d4-bf0a-fe9283fc2753",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
index ed10d8414c..0c7736bd04 100644
--- a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
+++ b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a04320a7-a31b-4bbd-bacd-c70bd76aeb93",
+    "id": "bundle--df93432b-f3f9-4ff4-925e-31e3f15d61cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
index 7afb12b81e..34d586d9ae 100644
--- a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
+++ b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0f97e75-3e0a-4ba6-ba0c-a565bf624b12",
+    "id": "bundle--87052d50-e622-453f-9935-b8339662fec8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
index 3a7222da7f..b6df584742 100644
--- a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
+++ b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fabf5dd5-ac3f-457e-87be-5c7a0f0c4fe4",
+    "id": "bundle--1d8688ef-c844-4841-a4ed-c7b6f505a480",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
index 744c97ccc6..9dfd23dd44 100644
--- a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
+++ b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e49e1ed7-2787-4bad-aaaf-71b5a4f394a2",
+    "id": "bundle--7dffae64-833d-4b3c-9ff1-816d2109e120",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
index 5a62544068..280fac9338 100644
--- a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
+++ b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d429d84a-ddf0-41c5-9e2d-8af2831ed5c2",
+    "id": "bundle--08b3717d-196f-45f9-b337-1ce48560ac12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json b/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json
index daefc7f396..a203ab5fc7 100644
--- a/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json
+++ b/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ef70ac2-45fa-4d1b-a93f-b1628049b374",
+    "id": "bundle--85166d22-e103-444c-b6d9-b9fa50e74b78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
index c77a16bb9b..4f4560fb2e 100644
--- a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
+++ b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a06455fb-d474-4ec9-9713-af34a6e17c6b",
+    "id": "bundle--cb8e0f61-5766-4ae1-ab26-e97bc0d0eb49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json b/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json
index fce8ba82c4..07507338f1 100644
--- a/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json
+++ b/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a6eac88-724a-4bc5-bade-47e6dba2f92c",
+    "id": "bundle--2fd90645-3e71-440a-9af7-c547cdcab002",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
index 22f5ec1d7a..cd92970daa 100644
--- a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
+++ b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aebb4463-5e75-4363-bb14-be64fd715d13",
+    "id": "bundle--19adc504-7d11-4817-aeea-d37941ef2bbe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
index 8509ede08a..8aa5317552 100644
--- a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
+++ b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3b834e5-83df-4440-ab4a-742d6aca5751",
+    "id": "bundle--527c52b5-ed8a-4d16-a646-44faca643fb9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
index 72e27810e5..7039e57b6c 100644
--- a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
+++ b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96be4d8c-8ffd-4abd-947e-6eac30993375",
+    "id": "bundle--9897cf5e-05c5-462b-af59-0eab601e3c8d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
index 4e72084cc1..7255470719 100644
--- a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
+++ b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5bc6110d-e2fc-4242-a1b9-467838c791dd",
+    "id": "bundle--174bbc3c-72f8-473c-b272-b61969b8cd49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
index c45ecb9225..81c1401745 100644
--- a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
+++ b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00fa9959-e6e6-4de8-8c56-7bcb152b7f48",
+    "id": "bundle--ea0a6a52-451b-447f-94dc-4f0eed313191",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
index 9c7b97df95..5cb20cbbdf 100644
--- a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
+++ b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79569ce7-3065-4b5e-b063-a54b8f155ee9",
+    "id": "bundle--65c397c3-a137-4ce4-8a3c-6617782778a7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
index 0f65b55ede..9f2177232b 100644
--- a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
+++ b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f175666f-f312-4c36-bb12-1ad232baa299",
+    "id": "bundle--e8156129-9e26-41af-906d-f9a94f890a5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
index 2bedb53aae..e2f042a11c 100644
--- a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
+++ b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12d7cb26-aae0-4c0a-b70f-2dfec80758e0",
+    "id": "bundle--f74fb2f7-cab9-4a14-9703-b54ed42b84ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
index fbb8092b1e..505f6c5d22 100644
--- a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
+++ b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf03e987-0088-4e2b-8e6a-e9a755a387de",
+    "id": "bundle--9a6c4dc9-c1d3-48f5-80b8-1028bc73428a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
index 5ab588e3af..9d3a7f497f 100644
--- a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
+++ b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90ec2ab2-a631-4cb0-b0b7-2762968fb7c5",
+    "id": "bundle--b1d7d236-7a6a-40c7-8350-ac7de216bae2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
index 55c619cab3..d75cf23d86 100644
--- a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
+++ b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d2e5dac-1f32-457d-befe-3151fcfce0de",
+    "id": "bundle--6e32453e-2e16-4b97-9ce7-82e9fcf05ca8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
index 7ef48a64a4..e9c9c33b0d 100644
--- a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
+++ b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1fc60d9-f74a-4a54-8e84-863fab34c5dc",
+    "id": "bundle--f69f3a97-8831-4834-ab59-1863454a9d9e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
index 2b4d7c1768..d581fa79c9 100644
--- a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
+++ b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da3ada75-2433-4cac-9a7e-348c8dd90bc8",
+    "id": "bundle--0eb93157-32c5-4096-83f4-bd751b35e4da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
index e15975997a..0dfbc67f0a 100644
--- a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
+++ b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5a6b9b3-737c-4d43-8cdc-2d431de80e52",
+    "id": "bundle--fce71e4e-026f-42cd-bf1f-0bcb238a8207",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
index 29f4ee52d2..f9a77fcfa4 100644
--- a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
+++ b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c81d7f8-fc25-4771-80e7-7bc2e8373e1a",
+    "id": "bundle--d1f2d38d-6e62-40d4-b87c-3fbe706b59b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json b/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json
index 4c4d898596..a4d5a56bec 100644
--- a/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json
+++ b/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77980894-47a6-4baa-acc9-726f36349de8",
+    "id": "bundle--fde8fc51-028c-40c7-aa6d-311ea515e146",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
index db4f09873e..af8c45ce56 100644
--- a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
+++ b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1bf1b9f-2424-438e-9504-f160ab7d71f5",
+    "id": "bundle--6fa94aca-58ca-409b-b1c8-9e3c10cfab36",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
index 6173ecd9aa..a75722bcc1 100644
--- a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
+++ b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0ccef4ed-5f9c-447b-a007-91e2201d2964",
+    "id": "bundle--5256db90-df33-41d5-a888-e3a4d9d1cc8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
index b5ddfc64e3..4264c511fb 100644
--- a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
+++ b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56042ebf-37db-47ad-8803-e8d4db8158a5",
+    "id": "bundle--28042ed2-359f-4100-a4ce-bf1fc63d16d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
index 1cb3612810..5a9d9dbc00 100644
--- a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
+++ b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--31f941b1-cddf-4644-b362-e11e8527f248",
+    "id": "bundle--0ca97d55-f0b4-4652-a5de-0c4c690227fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
index 5530de1e18..122a9f6cf9 100644
--- a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
+++ b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2b940d5-0653-4765-ab8c-6f59d55c8932",
+    "id": "bundle--02dbd5c6-3b35-4049-ab59-14ec936b4532",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
index d2400af6f7..e92032c026 100644
--- a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
+++ b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ed7d04c-99e6-4279-a550-15852c34bc51",
+    "id": "bundle--7430a0c8-24fb-492a-b438-80e48e543989",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
index 0dd97ff6c7..e0fe06021b 100644
--- a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
+++ b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--47990c70-b6d0-4922-9627-628ea5b180c5",
+    "id": "bundle--f652914d-cf4e-49b0-a5fe-3ab657027524",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
index c26cca9dc0..72c7f56c92 100644
--- a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
+++ b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8e8decc1-ccff-44f8-a5bd-3ee4fd2d63a2",
+    "id": "bundle--0ede4576-c329-438f-8391-cfd51b6f32ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
index 9c6d382513..cdd6a2de2e 100644
--- a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
+++ b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ceacbd1-8352-4d65-9574-54b15924aba8",
+    "id": "bundle--0b4c9ede-8dca-4186-a1c3-c8e314e4c27c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
index 51a4c344ea..b744789385 100644
--- a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
+++ b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fdf7366e-91bf-4361-b008-ed727328ee6e",
+    "id": "bundle--2c234dd2-e508-4ce1-8e2b-855e32648b22",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
index e15e74ca03..eb1eb21fb9 100644
--- a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
+++ b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f50d2e1-ca50-4a99-b108-b3575afdbddc",
+    "id": "bundle--e03ad305-cb9b-4787-91d9-a287cefc3bb4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json b/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json
index 00438b0bc8..1be83da4c1 100644
--- a/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json
+++ b/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a3d548f-6b9c-4c85-afff-cb6dc539509b",
+    "id": "bundle--e29c29b9-b33d-4fa2-8497-749c50a897f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
index d6f5761ee8..6e45289b8f 100644
--- a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
+++ b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8f4e9a8-49a7-4046-ba48-83acb05dd2f3",
+    "id": "bundle--f4019a87-6100-489f-8f1e-6de8a03e3d05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
index 35c69efc97..87bf994217 100644
--- a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
+++ b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e0421ca1-2029-4b75-8a77-458b328ff198",
+    "id": "bundle--1015ffcc-606a-4f8a-bb17-61733ea01c8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
index 5fd1a1047b..fdf2cd4ad8 100644
--- a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
+++ b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38b97369-5210-429b-9daa-75676a175fc9",
+    "id": "bundle--5d32031b-4457-4305-846b-b82b54d01b1b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
index f4063363df..b729803e42 100644
--- a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
+++ b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c91742c1-7ce9-45da-ba6f-e80015598f5b",
+    "id": "bundle--151f3c51-8f3f-4cae-89d1-29a831daafc0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
index 577ce85f92..33198019ef 100644
--- a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
+++ b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c286f270-bd6f-4ee6-95e9-935e27af89f0",
+    "id": "bundle--36cf88e8-ac88-4847-8c7b-f8c881ea1e3c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
index ac55ce6698..ae3196632c 100644
--- a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
+++ b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--43f67a9e-457b-4fd8-8cb5-2bf4323d719d",
+    "id": "bundle--f4584d1a-55c9-47ae-a165-50775a210ebc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
index 075c86a3fe..7e4434e6d3 100644
--- a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
+++ b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63a84c35-8446-4a1a-b4a8-32d5bf906418",
+    "id": "bundle--512d20e5-b907-433d-849d-8f0986165507",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
index f43a335c9e..9f586ac809 100644
--- a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
+++ b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--949f8899-5929-42f1-99c6-dd63334f6b57",
+    "id": "bundle--ab6e6b4c-3bdd-4945-b181-70711a89cdee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
index f170dd8b11..0dac61d589 100644
--- a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
+++ b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5abd3a6-239e-4597-9b80-8b5ca3dcf927",
+    "id": "bundle--623e7d7a-0e79-41f8-b623-2ad79dfbfb77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
index 65fcd0138a..768fcb499d 100644
--- a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
+++ b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aee40b3b-540f-4f0e-857f-2c42902ada32",
+    "id": "bundle--d896f44d-f963-429e-844d-63f55e70367a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
index 1f36459020..c52c6a382f 100644
--- a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
+++ b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--50ed49f5-5a87-44e1-90f4-c3623d288eae",
+    "id": "bundle--66076b39-d882-4f6b-b30c-d8ea0c926789",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json b/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json
index 359276fab7..61a782698f 100644
--- a/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json
+++ b/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--812520c5-3b28-49a1-b11e-923b788130e8",
+    "id": "bundle--c722d56b-273e-45a1-9927-8db11981434b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
index 183b2002f5..b616821ea0 100644
--- a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
+++ b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--126c7daa-5dac-4914-93de-3692af34e342",
+    "id": "bundle--646fe9cf-c28e-400b-b20c-763b60fbd736",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
index 87d665cda9..1cbc61bd9b 100644
--- a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
+++ b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ccb2f3d4-9795-4b83-95fe-ec38a4667ff1",
+    "id": "bundle--9c4855f4-cc30-457a-8d88-1cfbec5d716e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
index d313cb99cd..25a438a4d0 100644
--- a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
+++ b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--062df60a-5eaa-48a8-bb4f-02e62fd1f523",
+    "id": "bundle--07225759-ee55-44eb-ab69-0505166450fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
index d52972df63..7d73e596f9 100644
--- a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
+++ b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c708072-75a8-4599-8bd8-7ed9870af5f1",
+    "id": "bundle--36ae66eb-be6c-4571-997e-cedc679ec41c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
index 3cec9c3e28..1f2862fbbd 100644
--- a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
+++ b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7de773f-1f53-4d15-97ae-49394b3bca4a",
+    "id": "bundle--4ad3d8e2-7915-4041-8143-7b023003fcd3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
index c6eff880fa..004f37871d 100644
--- a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
+++ b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67ef24e0-c879-41cd-86ae-24ca28b014b5",
+    "id": "bundle--9dee057f-dd24-4c8e-8483-c6d2649ac9ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json b/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json
index 1eee4b63a6..e482b91e83 100644
--- a/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json
+++ b/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1e82199-9652-496e-a28d-6ef871742445",
+    "id": "bundle--7d605ed3-843e-4296-bbb0-459f5cbf2158",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
index 0cfc220f0d..70966342f8 100644
--- a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
+++ b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fca60503-e9ab-45c3-9b8f-1efe6704321d",
+    "id": "bundle--b9e4d8bb-2ee5-4328-9fdc-9783461a7e5c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
index 07f4669e83..94c5f7c907 100644
--- a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
+++ b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93e5a728-627e-47d4-9cb5-c6c9656d4311",
+    "id": "bundle--387e50ff-a8cc-417e-bfa4-2eed928d8518",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
index 9917f410bb..db3f793326 100644
--- a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
+++ b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--637a9867-9c30-436d-8350-3471a1a8908f",
+    "id": "bundle--1daac5d2-3700-4242-919e-2b744baeed8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
index 4e51ea9b11..8a999e98a5 100644
--- a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
+++ b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dd3299d5-85bc-4551-8c40-e93f7fd368ac",
+    "id": "bundle--ea7ab4c0-ff62-490d-9cba-8a7143b50946",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json b/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json
index 76f15b0b0d..6abfb5fb54 100644
--- a/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json
+++ b/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4145e7ea-b67f-4dcc-872f-ae3d44018e57",
+    "id": "bundle--d2aea618-a9e3-4c86-9613-8ce2762050e6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
index 66204a0123..d1bbc4e50f 100644
--- a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
+++ b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72a148e6-d4d1-408a-80d9-4ca263ba4f3a",
+    "id": "bundle--e80f9bcb-1e25-472c-a73d-158a51f95f76",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
index f1017fe59e..7321c38593 100644
--- a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
+++ b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95de34c1-ee71-4e1f-8f98-b1f86800f6d9",
+    "id": "bundle--0f30608c-d7e5-4e13-89e6-8f37dff9cb2c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
index 8faebd853c..b633657938 100644
--- a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
+++ b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ced3c70c-cdbe-4085-9fe6-4575bd30f04e",
+    "id": "bundle--50484108-4f2b-49a3-b566-e64ec1b2e7f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
index de1eacdff7..dad94e0221 100644
--- a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
+++ b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6d2c169-53f6-4d46-acd3-d5e6b5fc776f",
+    "id": "bundle--9ae69822-6199-4b2c-b28b-69c57f547116",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
index 1fe6f23ac0..30be72062f 100644
--- a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
+++ b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9cc6b508-ee43-498b-bb63-be2b083e95fd",
+    "id": "bundle--97131e09-4d17-4422-923c-6e5bdc54f062",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
index 23a0089911..dbd5c5565d 100644
--- a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
+++ b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2255a14-a2d7-4992-ab57-468b1c16c91e",
+    "id": "bundle--f71c2f58-d4a1-4e14-b9fa-e0d45bc2b7a7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json
index 95aa3d3b4c..7d81fe4d0b 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--777a9cd6-5ad5-49d9-804a-e018bc05e975",
+    "id": "bundle--0278285a-6a54-465c-8d73-fad0bcb32805",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json
index 2fe3df13c2..29c702b526 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b51b7ad3-ba4f-41e1-8861-23023cae8cdb",
+    "id": "bundle--2dfe1862-e2e4-4755-a6b0-e97b3c1a3157",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json
index a7eea129d9..22ab05d16e 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c5259ad-9d98-473f-881a-50c7cccd0a4f",
+    "id": "bundle--21875d58-4868-4d63-bd7d-fca721caf4f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json
index c198cf0552..d9c88f869a 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f4836d1b-bc35-4999-ad5c-36e50ea65d65",
+    "id": "bundle--5194ca2c-f959-45f1-8583-75c6a758e5ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json
index b86be43386..6fbbfac6e3 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8082951d-b1b7-42fe-84a1-aecbda33694a",
+    "id": "bundle--72b54462-4fc8-46ae-b018-773e49d92436",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json
index 164794fb29..91461a3187 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--112ee298-f73f-4d5b-92fe-39b934f8e325",
+    "id": "bundle--80d3bbdb-522c-4eaf-a37b-5882eda4a6e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json
index 2049506a5f..7da1cdf132 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--57e699a7-8455-4094-bcb7-7198c70469b5",
+    "id": "bundle--79345f19-b05b-4014-844d-7c2e85fc52d5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json
index fffad446e1..9f383dc393 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ae85929-7b1d-46b6-9bc3-8077084474a7",
+    "id": "bundle--61cce305-4a82-496f-b88d-67941367e5c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json
index 25c2a93be7..0cf8a370e7 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7461cb1-1742-4ae9-9095-e4ecd6f59518",
+    "id": "bundle--f7176a61-17fe-43e1-b7dd-2a062b8b5630",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json
index fe154dcb1e..56153d709f 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd9f1ba3-1217-4498-86b6-e2638585db0c",
+    "id": "bundle--88ea97e1-255d-4229-862a-d92f593a12a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json
index 1f46de2c1e..c098cbde4b 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e2afb440-0c54-4663-ba79-57436ba98be9",
+    "id": "bundle--70735986-4548-4cb1-9bda-21d93912f89d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json
index 695654ec38..6a1e2dd8d7 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--123a5cb2-7d89-4b2f-818c-e90a3d4db18d",
+    "id": "bundle--b8f0a1a2-b1f2-4ff0-a1ed-b2aafb713385",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json
index ea073e0af2..d5d0e9990c 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0ff2299-ef5a-408a-b956-2189a4182efa",
+    "id": "bundle--d1fa7cb9-a729-40ac-b928-625913f34835",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json
index c3990118be..7726d9a543 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5710f34-21d7-4d66-aee1-efa8a1ae15ce",
+    "id": "bundle--7120e9bd-cb23-4f48-9d8c-612e9e02c791",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json
index 2ce7140533..825447db21 100644
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json
+++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ddeb8a9-6ad0-4a4d-a429-ed01d8a8a353",
+    "id": "bundle--0a1effba-3584-4425-86dd-607896b5668e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json
index 5894c57a02..4c29ef93b0 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03ef039e-23fa-4b14-ad2e-5e6e335eba2a",
+    "id": "bundle--70f69f14-8725-4bb8-80e4-fc71bd65f6df",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json
index 1e5b6bab29..7f265ca938 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b78f94cf-0fe4-420c-b60e-27cda27ffcdc",
+    "id": "bundle--3ecebfce-4aec-4ea6-b060-17661c3a6cc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json
index 6f029a26a7..39a11ffd1d 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9cd5e221-dbb1-4277-be79-257bd75f99a2",
+    "id": "bundle--f1bfe9e1-f359-4d38-963a-2adc8db6aec6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json
index 31a1ab9259..346244bcc4 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c92c2491-0b24-4db5-aedf-a02f81c377d5",
+    "id": "bundle--d0961e83-23a6-4dad-8404-58121f6ec8c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json
index cabc2f82ae..df30d53317 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e50968b-f2bb-4dee-8c92-a34a44ce5ac3",
+    "id": "bundle--5468b4df-44d1-4b46-8475-04d49be5227f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json
index 7dd25ed05b..80e3a04526 100644
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json
+++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c96b55c-6f8c-49e9-8e92-34b3cfe4e4c3",
+    "id": "bundle--5e7c5799-7e20-4ef2-8eb3-8c613bc21759",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
index e080910ba6..f484393385 100644
--- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
+++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56a45dec-b03f-4e67-aa97-5b3ddeefe6ca",
+    "id": "bundle--be196bb6-cf38-4f9d-a5f3-62f4637aa72a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
index 8a75ce39bb..5bb3a5649a 100644
--- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
+++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a172c9ca-dd28-43b5-91b4-d8bb690d2dab",
+    "id": "bundle--52e0f65f-4996-4c47-bddc-a955e1c146f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
index 4629127459..ee384fbbc1 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc5c6135-614f-4014-9bbf-499e7d46f63d",
+    "id": "bundle--efaa34ae-128a-4eb3-a11c-11b128e17a15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
index 23bdb00819..5e98321260 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f17a4d5c-855b-4957-a9d4-021b039b7e1d",
+    "id": "bundle--a51ac7ef-bf20-43c3-9d29-fd6b24ff1cfd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
index 5c30aa1b2f..64a141a581 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--333ef7fd-0f0a-4d65-9fae-e64911dfb096",
+    "id": "bundle--c696cc12-32dc-4f36-904d-d2d3160610d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
index 245d957c04..dc35918e76 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b58591d2-ede7-40aa-b80a-cca66cc2ccaf",
+    "id": "bundle--fda64103-db36-4894-bd9d-0ad5cf812e8f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
index fa90d808da..b42b211de2 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5026ddb1-c4c7-40b1-9b2e-a13ed1be977a",
+    "id": "bundle--3df1208e-3dc6-4bb9-a03d-ebbe96660545",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
index 564119230d..6a9121e0b5 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--803ce76b-2a3f-479e-85e7-39e37878d0a8",
+    "id": "bundle--8231ef22-d43a-4a87-8a0f-ce4542ee34ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
index 3c31340c4e..0c94ca893f 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aae2b17c-8e82-478b-9cac-69f26624f5e6",
+    "id": "bundle--e9f56564-292a-4db4-9c7b-5ef26e84e012",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
index ff6aaafb42..4ec0d94a2c 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c30fa9bf-9b97-4167-9c86-16d183cd51bf",
+    "id": "bundle--a6613e71-6917-4ebd-82a3-67089ca67edc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
index cd61510449..99c58e9efc 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4199c0bb-3a46-49c2-b20f-818201bc9fb4",
+    "id": "bundle--7e6bce62-7e05-4139-9243-e538cbe9c372",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
index b6a2fd565d..6430906954 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8db72ade-de32-45cd-ae96-de0780fa13db",
+    "id": "bundle--ae081da6-a00b-421b-94b0-d325ce3bb91c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
index 5d30c45136..0f22757be8 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fbe237b5-f482-45b6-b908-d230c75c33fb",
+    "id": "bundle--4a021dda-0950-43dc-9570-b431b667e116",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
index c50798c86e..487a24461c 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99910d05-b3b8-4679-aac4-f76e13226671",
+    "id": "bundle--81031e9d-fff8-4a4d-8910-f277a9bc8ff0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
index 853737435e..648321ba66 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f6cf787f-ac7d-4582-b25f-128cd2f63aeb",
+    "id": "bundle--40759d9d-4a98-4b9d-9e3b-65feb5311124",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
index 5711d34c95..99c150efa3 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16bcb76b-8caa-4272-9aac-4c04b35cd2eb",
+    "id": "bundle--4d8dee21-bbff-49dd-a8d3-96a09a77cb5a",
     "spec_version": "2.0",
     "objects": [
         {